Jul 10 2014

Fight Back Against Ransomware

Rather than pay to release files, agencies should rely on backups.

The threat of ransomware frightens many IT managers, and with good reason: This new form of malware requires special attention by public agencies to prevent infection and protect data.

Ransomware refers to computer malware that holds data hostage by encrypting files on all drives and demanding money to release them. One example, CryptoLocker, taps anonymous online payment technologies and uses spoofing to kidnap and encrypt files.

A Nuisance at Best

IT directors must plan to stay ahead of the problem. For example, one local government in California was attacked after an infected PC ended up encrypting everything it had access to through the network. “We were down for a couple of days,” says an IT professional with that agency. “At that point, you really have to rely on your backups to restore everything.”

Thanks to backups, it’s rarely necessary to pay the ransom. Data can be easily backed up and transferred, and malware can be obliterated through reformatting. However, the pain of finding the infected computer and restoring the data can be even more costly in terms of lost productivity. Agencies are left with little to do but restore, reformat and reinstall.

IT managers can take several steps to guard against this rising form of malware or recover systems without paying the ransom.

Start with spam filtering as the first line of defense. Invest in firewall and filtering software and keep it up to date. Blocking spoofed email is the cleanest and best way to guard against ransomware.

Next, set up policies that block executable files from running when they’re located in specific paths. CryptoLocker executes from common directories such as AppData or LocalAppData. Setting policies can prevent the execution of random malware.

Backups to the Rescue

Maintaining current data backups is already critical to IT operations, and this new form of malware only underscores the importance of reliable, secure and frequent backups. Restoring from backup is the way to recover from a ransomware attack. Though this is the last thing IT managers want to do, it’s better to restore from a recent backup than to pay an attacker in the hope that he will unencrypt the data.

Finally, continue to warn staff not to open email that looks suspicious. Spoofing usually takes the form of email from a source that seems reputable. CryptoLocker, for example, came through a link in emails with subject lines that sounded reasonable: “Annual Form — Authorization to Use Privately Owned Vehicle on State Business” or “USPS — Missed package delivery.” Train new workers and remind experienced ones not to click on links that may be malicious.

The cybersecurity industry actively works with state and local government to manage new discoveries in data attacks. As we work together to keep the effects of new malware in check, we’re ever mindful of the critical importance of maintaining security and reliability as well as the trust of the public’s data.

Wavebreakmedia Ltd/thinkstock

aaa 1