Ransomeware attacks spotlight need for caution, training

Tuesday, August 20, 2019

“Always eat avocados ‘cause lions just hate onions.”

That was a memory trick one could use to retrieve the arcane “aeacljho” code that it took to log into the Gazette’s computer system late last century.

That was before computers went through a transformation, about 30 years ago, when “GUI” or the graphical user interface system became the point-and-click system so familiar to Mac and Windows users today.

The change made it easy for workers with a minimal amount of training to use computers, ideally greatly increasing their productivity in the process.

Now that everyone is connected to the internet, however, that same system has made it easier for criminals to rob individuals, businesses, organizations and local governments using those computers.

Twenty-three Texas towns learned that the hard way last weekend, when they were the subject of a coordinated “ransomware” attack, which followed similar attacks in New York, Louisiana, Maryland and Florida that resulted in loss of significant amounts of money.

Often delivered by email, once a user clicks on a ransomware attachment, the organization’s system is locked up until the money is paid or files are recovered, with difficulty, by some other means.

The Texas attack triggered a “Level 2 Escalated Response” by Gov. Greg Abbott, only one step below the highest, Level 1 response.

Ransomware is a major headache for any organization that depends on a network, and while it’s often cheaper to just pay the criminal than hire the experts to undo the hack, there’s no guarantee the files will actually be unlocked once money, often in Bitcoin or some other anonymous cyber currency, actually changes hands.

Norton Security offers this advice:

-- Do not pay the ransom. It only encourages and funds these attackers.

-- Restore any impacted files from a known good backup. Restoration of your files from a backup is the fastest way to regain access to your data.

-- Do not provide personal information when answering an email, unsolicited phone call, text message or instant message. Phishers will try to trick employees into installing malware, or gain intelligence for attacks by claiming to be from IT. Be sure to contact your IT department if you or your coworkers receive suspicious calls.

-- Use reputable antivirus software and a firewall. Maintaining a strong firewall and keeping your security software up to date are critical. It’s important to use antivirus software from a reputable company because of all the fake software out there.

-- Do employ content scanning and filtering on your mail servers. Inbound e-mails should be scanned for known threats and should block any attachment types that could pose a threat.

-- Do make sure that all systems and software are up-to-date with relevant patches. Exploit kits hosted on compromised websites are commonly used to spread malware. Regular patching of vulnerable software is necessary to help prevent infection.

-- If traveling, alert your IT department beforehand, especially if you’re going to be using public wireless Internet. Make sure you use a trustworthy Virtual Private Network (VPN) when accessing public Wi-Fi.

Taking a little time before a malware attack takes place can save hours or days of lost productivity and thousands of dollars of needless expense later.

Respond to this story

Posting a comment requires free registration: