April 10, 2017

Escaping Ransomware

Jessa Gramenz

The CIA triad is built upon confidentiality, integrity, and availability. Take away one of those aspects and the triad is broken. Ransomware attacks availability: it removes access to a victim's information and then sells that access back. In some instances the ransomware only encrypts the files and offers no working decryption at all. As attackers look for ways to profit from their efforts, they build campaigns that are good at finding victims and pressuring them to pay. As a student, the idea of your documents being held captive during finals week is a terrifying thought. If you have ever lost an important document you were working on because of a crash or an error, you understand how stressful losing all your work can be. Attackers take aim at targets that are likely to pay under pressure. While paying to recover your work may seem like the obvious choice in the moment, there is no guarantee that your information will be recovered when you pay, and your payment funds further cyber crime. Ransomware is not a newly emerging threat, but over time it has grown into a more sophisticated campaign that attackers are finding to be profitable. In the era of ransomware, how can we avoid becoming a victim, and how can we react in the event we fall prey to attackers?

Before diving headfirst into preventative and reactive measures, I want to discuss a specific ransomware campaign that has caught my eye. Feel free to start a topic on our National Cybersecurity Student Association LinkedIn group about the latest ransomware threats to open up discussion. Recently my boss mentioned the Philadelphia ransomware, which is a powerful tool designed for ransomware campaigns. A recent promotional video on the tool developed by Rainmaker Labs shows the extent of the tool and how troubling these campaigns are. Researching Rainmaker Labs hasn't returned many satisfying results, and I am interested in more info if anyone has any to share. On the Rainmaker Labs website, they boast about the $389 Philadelphia ransomware by stating, "Philadelphia is the proof that Big things come in small packages. All you receive is an executable file – Named Headquarters – which gives you access to everything. From managing campaigns and Tracking victims on a Map, Filtering and Generating PDF Reports, you will have everything you need for a Successful Ransomware Attack. Furthermore, Philadelphia can also act alone: it AutoDetects Bitcoin Payments and all you'll need to worry about is where you will want to be next holiday." The website also offers several other programs for malicious intent. As with most ransomware, the attacker's payday depends on Bitcoin payments. Outlawing Bitcoin might seem like an easy answer, but it would harm the many legitimate Bitcoin users, and as soon as one digital currency is taken away, another would replace it. Eliminating digital currency is not feasible. So what are our options?

Prevention is usually seen as the first step in any security program, but before you can prevent something, you have to understand how it works. Ransomware works by encrypting your important data; all of its leverage comes from that data being unavailable to you. If you take away that key component by keeping regular backups, and keep at least one copy offline or otherwise out of reach of the infected machine (ransomware will happily encrypt any attached drive or mapped share it can write to), then that is one less advantage the attacker has over you. Cisco recommends the following steps for ransomware prevention.

  1. Improve network hygiene.
  2. Defend strategically instead of haphazardly.
  3. Reduce time to detection.
  4. Protect your users everywhere they are.
  5. Routinely test the effectiveness of backup data.
  6. Uninstall and disable unused software and hardware.
  7. Do not click on suspicious links or files.
  8. Stop blaming victims.
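
Steps 3 and 5 above, detection and tested backups, are where a backup most often fails silently: a sync job copies the already-encrypted files over the good ones, and nobody notices until restore time. The script below is an added example (my own illustration, not Cisco's tooling or anything from the Philadelphia kit) of how to check a backup against a manifest taken when the data was known to be good. It records a SHA-256 hash per file, reports anything missing or modified, and flags modified files whose contents look encrypted using a Shannon entropy check. The sample documents and the tampering in `demo()` are constructed inline so it runs offline; random bytes stand in for an encrypted copy, which is an assumption for the demo, not real ransomware output.

```python
import hashlib
import math
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path

HASH_CHUNK = 1 << 16        # read files in 64 KiB chunks when hashing
ENTROPY_SAMPLE = 4096       # bytes examined by the entropy check
ENTROPY_THRESHOLD = 7.5     # bits/byte; ciphertext sits near 8.0, text near 4-5


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file, streamed so large files do not fill memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(HASH_CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a single repeated byte, 8.0 for uniform random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_manifest(root: Path) -> dict:
    """Hash and size of every regular file under root, keyed by relative path."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[str(p.relative_to(root))] = {
                "sha256": sha256_file(p),
                "size": p.stat().st_size,
            }
    return manifest


def verify_backup(root: Path, manifest: dict, threshold: float = ENTROPY_THRESHOLD) -> dict:
    """Compare a backup tree against a known-good manifest.

    'modified' is decided purely by hash mismatch; 'suspicious' is the subset of
    modified files whose leading bytes have ciphertext-like entropy.
    """
    report = {"ok": 0, "missing": [], "modified": [], "suspicious": []}
    for rel, expected in manifest.items():
        p = root / rel
        if not p.is_file():
            report["missing"].append(rel)
            continue
        if sha256_file(p) != expected["sha256"]:
            report["modified"].append(rel)
            with p.open("rb") as f:
                sample = f.read(ENTROPY_SAMPLE)
            if shannon_entropy(sample) >= threshold:
                report["suspicious"].append(rel)
            continue
        report["ok"] += 1
    return report


def demo() -> dict:
    """Constructed scenario: good backup, then a sync that copies damage into it."""
    work = Path(tempfile.mkdtemp(prefix="backup-demo-"))
    try:
        src, bak = work / "documents", work / "backup"
        src.mkdir()
        (src / "thesis.txt").write_text("Chapter 1. Ransomware removes availability.\n" * 50)
        (src / "notes.txt").write_text("Finals week todo: back up everything.\n" * 20)
        (src / "grades.csv").write_text("course,grade\nCS101,A\nCS102,B\n")
        manifest = build_manifest(src)          # taken while the data is known good
        shutil.copytree(src, bak)
        clean = verify_backup(bak, manifest)
        # Simulated damage: random bytes stand in for an encrypted copy synced over
        # the backup, and one file is deleted. Assumption for the demo only.
        (bak / "thesis.txt").write_bytes(os.urandom(ENTROPY_SAMPLE))
        (bak / "notes.txt").unlink()
        tampered = verify_backup(bak, manifest)
        return {"clean": clean, "tampered": tampered}
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    for name, report in demo().items():
        print(name, report)
```

The hash comparison is the real test of the backup; the entropy check is only a hint about why a file changed, since legitimately compressed or already-encrypted files (zip, jpg, an encrypted archive) also score near 8 bits per byte. Run it from the machine that holds the backup, not the one being protected, and keep the manifest somewhere the protected machine cannot write to, or the same sync job that ruins the backup can ruin the manifest.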

Use the link included for more information about these suggestions. Also, some guides are available for removing ransomware. I successfully removed a popular ransomware from a friend's device a few years ago simply by researching the information in the ransom demands and discovering how it worked and reverse engineering it. There are also tools available for testing your resilience against ransomware incidents.

Home users are no strangers to ransomware, but enterprise and educational users are squarely in the crosshairs as well. Prevention is as important as knowing how these tools work, and keeping current on the exploits and active ransomware campaigns is imperative to understanding the threat landscape. As of this writing another Star Trek themed ransomware, aptly named Kirk, is making its rounds. Check it out and let us know your thoughts!