Ransomware: Beware the Users, and Other Things As Well…

Ransomware, Hacks, and Cybersecurity Issues: As long as there are users there will be issues

Various media outlets have reported a dramatic rise in ransomware attacks, and the NY Times reported that the most recent attacks impacted over 200,000 machines running the Windows operating system (OS) across 150 countries. The NY Times article posits that hospitals, academic institutions, and technology companies were targeted during this cyberattack. The article goes on to state that it is likely that exercising caution while online may have prevented the malware from infiltrating and infecting the networks from the outset. While the malware has been identified as the “WannaCry” variant, it seems a security update was made available by Microsoft nearly two months ago, according to the article. Thus, here we see a double-whammy: 1) administrators were not timely in rolling out updates; and 2) users clicked on or opened e-mails which facilitated the spread (this second point is contentious, as some security vendors dispute whether the payload was delivered using a typical phishing scheme).


What Now?

Ultimately, these things typically seem to come down to the user. While IT professionals can implement policies and procedures to ensure that patches and security updates are applied regularly, it is the user who can make or break nearly any policy or procedure. Until artificial intelligence takes over and heuristics rule the day, we will continue to see successful (and yet rudimentary) attacks. That may help going forward, but it doesn’t help in the here and now; the following, however, may. There are procedures companies and individuals can implement to limit the damage that ransomware can inflict and hopefully avoid paying a ransom for the return of their un-encrypted data.

One would think that the concept of security updates and remaining current with patches would be a no-brainer; however, clearly that is not the case. Therefore, step zero, if you will, is to stay on top of this and ensure that all of your computing devices are using the latest supported versions with the latest patches and security updates applied. As a standard user, you should then practice good cyber hygiene: do not click on or open e-mails from unknown senders, and do not click links in e-mails unless they are from a trusted source and do not exhibit any of the tell-tale signs (e.g., misspellings, poor grammar usage, a link that goes to an unknown domain, etc.). It is equally important that you maintain backups of your data that are in traditional backup format and ideally streamed to the backup device, so that the backups themselves stay beyond the reach of ransomware. However, as I found in my previous career, a backup is only as good as the restore, and all too often restores are not fully (if at all) tested, and this creates a terrible scenario. Ideally you would have a full-scale disaster recovery (DR) plan; however, these are largely beyond the expertise of the typical user and even some businesses. Without a DR plan both created and tested, companies will continue to find themselves victims of ransomware, and to mitigate risk they will often decide to pay rather than test their restore capabilities for the very first time.

The Short Version:

Know thy sender: if you aren’t certain it is from a trusted source, delete it rather than opening.  Same goes for links — type the address to the domain yourself rather than clicking a link you aren’t sure of.

Updates and Patches: turn on automatic updates, download and install the latest security updates, and check manually on a regular basis to ensure those “automatic” features are working.

Backup: if it is worth saving, it is worth backing up.  Don’t forget that with the technological advances of handheld devices you should ensure that those are backed up as well.

Restore: test your restores; make sure you can restore a file, a folder, and an entire device. Sometimes a bare-metal restore is the only option to make sure you can bring your data back online with an entirely new device.

 

 
