Ransomware is not a new word at all, but the times in which we are dealing with it are new to all of us. Let’s start by defining ransomware: it is a form of malicious software (malware) that targets critical data and systems for the purpose of extortion. Ransomware often encrypts data or programs to extort ransom payments from victims in exchange for decrypting the information and restoring victims’ access to their systems or data. In not so “techie” terms, this software hides/steals all of your important information and asks that you pay a sum of money to release the info back to you. This payment often needs to be made in cryptocurrency because of the anonymity that comes with it. This ensures that the attackers, aka “bad actors”, can be paid with no tracking records revealing who or where they are.
To make matters worse, making a ransom payment does not guarantee that the victim will regain their stolen data. An organization hit with ransomware can be affected in a variety of ways. Let’s take a look at some of these:
- An organization can face the permanent loss of data and/or it can completely shut down its operations.
- Financial loss can also be a factor if revenue-generating operations are hit with ransomware.
- Finally, damage to an organization’s reputation portrays an untrustworthy and insecure company to the public eye, especially if the data stolen belongs to its clients (e.g., social security numbers, bank info, credit card data).
As mentioned, ransomware isn’t a new threat, but it is certainly a pretty scary one that still happens every day. Because of the continued risk, there have been legal considerations put in place, such as the USA PATRIOT Act Section 314(b). This act encourages voluntary sharing of information among financial institutions to identify and report suspicious activity, such as ransomware attacks. Anyone hit with ransomware is to identify it and report it to the Federal Government immediately. Another legal requirement is the OFAC and FinCEN ransomware advisories, which address the sanctions and anti-money laundering risks of facilitating ransomware payments.
One very important thing to know is to always avoid paying the ransom being asked. If the ransom is paid, it can be considered money laundering or terrorist activity. Therefore, a best practice is to never pay the ransom and to report the incident as quickly as possible.
If you think your business has fallen victim, you need to be aware of all State and Federal regulations. State and regulatory agencies impose obligations on companies to provide notice of data breaches. Requirements and timeframes vary between states and regulators. You should report attacks to https://www.ic3.gov/ and contact law enforcement immediately. It is strongly encouraged to contact a local field office of the Federal Bureau of Investigation (FBI) or U.S. Secret Service immediately upon discovery to report a ransomware event and request assistance.
STOP, THINK, CLICK! Be Vigilant and Safe
Aishwarya Minocha | IT/Cybersecurity Auditor @ Stetson Cyber Group
Sean McNierney | Reverse Malware Engineer @ Stetson Cyber Group