Contributed by: Ben Woelk, ISO Program Manager;
Written by: Tyler Mueller, ISO Communications Associate
Ransomware is malware, or malicious software, that uses encryption to hold a victim’s information for ransom. After a user or organization’s files, databases, or applications become encrypted, attackers will ask for a fee before providing a decryption key that will allow access to the stolen information again.
Ransomware is malware, or malicious software, that uses encryption to hold a victim’s information for ransom. After a user or organization’s files, databases, or applications become encrypted, attackers will ask for a fee before providing a decryption key that will allow access to the stolen information again. There is typically no alternative to recovering encrypted data. Ransomware is usually installed on a computer from a phishing email, a pop-up, or malicious advertising. Anti-malware services may or may not detect a malicious attachment, so it is important for users to stay vigilant.
As stated by McAfee, an American global computer security software company, “Ransomware is often designed to spread across a network and target database and file servers, and can thus quickly paralyze an entire organization” (McAfee). Particularly in light of the COVID-19 global pandemic, there has been a steady and significant increase in corporate-level cybercrime, which has caused billions of dollars in payouts from companies and organizations attempting to cover the expenses of information compromises.
How Does Ransomware Operate?
Ransomware uses asymmetric encryption, a secure messaging technique that uses a pair of keys to encrypt and decrypt a file. The two keys are created by the attacker specifically for the victim, with only the attacker having access to the one that will decrypt the files on their server (McAfee). The decryption key is only available to the victim once the ransom has been paid, otherwise, it is almost impossible for the victim to decrypt the files themselves.
There are numerous types of ransomware currently circulating online. As mentioned, one of the most common ways ransomware is introduced to a network is through phishing emails that contain malicious links. Malware needs an attack vector (a specific path to break into a system) to connect to an endpoint within the victim’s network (McAfee). Once it has connected, after a link is clicked or a malicious file has been downloaded, the malware remains in the user’s system until it has located files for the attacker to encrypt, such as entire databases worth of confidential documents and images. Ransomware is designed to locate vulnerabilities within a network and then spread to other systems to accomplish the same task.
Once ransomware has successfully been implemented in a user or organization’s computer system, it will prompt them to pay the fee or lose their information forever.
Ransomware in Higher Education:
In September of this year, Howard University fell victim to a ransomware attack that forced a two-day campus-wide shut down. In an official statement released by Howard on September 3, “we know the University has experienced a ransomware cyberattack, causing some functions critical to the University to shut down” (Howard University 2021).
Universities are a common target of ransomware attacks because they possess a broad network of both private and confidential information. Additionally, colleges do not always have the resources to prevent cybercriminals from infiltrating their systems, such as well-staffed cybersecurity teams to properly manage the high volume systems.
Universities are not the only institutions seeing a rise in ransomware attacks over the past several years. Throughout the course of the pandemic, there have been stark increases in cyberattacks on individuals, but there has also been a rise in high-profile ransomware attacks. Just this year, the NBA, Kia Motors, and CNA Insurance were among several major companies that suffered financial loss and information compromises as a result of ransomware attacks, in addition to Howard just this past month. (Touro College 2021).
Ransomware technology is rapidly spreading as cybercriminals create new malware samples on demand and create cross-platform ransomware.
How to Prevent a Ransomware Attack:
There are several best practices to implement that can prevent a ransomware attack.
Learn how to identify a suspicious email, pop-up ad, or link. Not clicking on malicious links in the first place is a necessary precaution that needs to be taken in order to protect sensitive information. If an email looks suspicious, be sure to verify the sender’s email address, check the body of the message for spelling or grammar errors, and carefully read attachment titles before clicking on them. An obvious giveaway of a phishing email is misspellings and the inclusion of low-resolution images.
Regularly backing up data to a cloud or an external hard drive is another way to ensure that if a system is infected with malware, users can wipe the device(s) clean and reboot applications from their backups. Additionally, always be sure systems are operating on their most current software version.
If administrative privileges are not necessary to be accessed by a user, do not conduct work under administrative accounts. Successful ransomware attacks will have the same administrative privileges as the user, so not accessing them in the first place can prevent the attack.
Make sure to access private information on a secure network. Public Wi-Fi is not usually a reliable network and can make users more susceptible to having their information compromised. VPNs, or Virtual Private Networks, eliminate the risk of passwords or confidential information being stolen by guaranteeing the securing transmission of information across the Internet by two networks.
If a user or organization falls victim to a ransomware attack, there are a few key response practices to employ to minimize further risk.
Disconnect the infected device from the network as soon as the malicious software has been identified on that device. To slow the potential spread to other devices, disconnect all devices from the network as soon as possible. Identify which device was the first to be infected and check all other devices for encrypted files. After the incident has been reported to the authorities, evaluate backup options and restore the systems to the best of their ability.
It is important not to pay the attackers the ransom. There is no guarantee that the encrypted information can be recovered to begin with, and in most cases, it can’t. Paying the ransom puts a user or organization at risk for the same thing happening again, which just means more money funneled into the cybercrime industry.
RIT is excited to announce a new and engaging information security awareness opportunity partnered with Living Security, a company that specializes in high production training programs. CyberEscape Online is an exciting adventure where you will have to work with your team to solve digital puzzles within a certain amount of time. Teamwork, problem solving, and good security habits will all be necessary to complete the objective in the time given. Check out the trailer for CyberEscape Online and visit our website for more information!
The program is a completely virtual escape room from which IACA had to escape – the catch is that we were only given one hour to research topics and solve puzzles to escape.
Although IACA found the program to be fun and easy to follow, the true point of the escape room is to educate participants about key cybersecurity risks which have proliferated in the virtual world. Through the escape room, IACA was responsible for identifying poor cyber habits and learned the importance of having a vigilant and skeptical mindset when operating in the digital world.
Through reading news articles and profiles about employees, IACA learned the dangers of online presences and social engineering (i.e., the use of deception to manipulate individuals into divulging confidential or personal information). IACA learned tips on how to spot malicious or phishing emails and the importance of strong and unique passwords.
Everyone knows that universities have been an increasingly attractive target for bad actors in the cyber world – including, but not limited to, phishing and ransomware attacks. IACA was able to escape the escape room by working together and practicing good cyber hygiene – can you and your department do the same?
Training Opportunities Provided by IACA
Internal Controls and Fraud in the Workplace
During the 2.5 hour Internal Controls and Fraud in the Workplace class, the importance of, components of, and the responsibility for establishing and maintaining effective internal controls are discussed. Various examples of what can happen when controls are non-existent or break down (i.e., fraud) are shared throughout the class. The session is required in order to receive the RIT Accounting Practices, Procedures and Protocol Certificate of Completion. However, anyone interested in learning about internal controls and fraud prevention is welcome to attend.
The next training session of Internal Controls & Fraud in the Workplace is: Wednesday, January 26, 2022, 1:30 to 4:00 PM Wednesday, May 11, 2022, 9:00-11:30 AM-Location TBD
Unit Level Risk Assessment—How to Advance Your Organization’s Agility
The first step towards successfully managing risk is to implement an effective risk assessment methodology. Risk assessment is a systematic process for identifying and evaluating both external and internal events (risks) that could affect the achievement of objectives, positively or negatively. During this 2.5 hour class, we will discuss the key components of an effective risk assessment process and how to integrate it into the business process to provide timely and relevant risk information to management. To learn more about these important topics, sign up for a session in the RIT Talent Roadmap.
The next training session of Unit Level Risk Assessment is: Wednesday, April 6, 2022, 1:30-4:00 PM-Location TBD
Correctly answer the question below to be entered in a drawing to win a prize valued at $15. The winner is chosen randomly and notified by email.
Best Practices to implement to prevent a ransomware attack include:
Learning how to identify a suspicious email, pop-up ad, or link
Regularly backing up data to a cloud or external hard drive
Making sure to access private information on a secure network
All of the above
Watch IACA’s Monday Minute video series here!
Our video series focuses on opportunities for improving internal controls and increasing awareness of various university processes, policies, and protocols. If you have questions, feel free to contact anyone in the IACA office using information on our webpage. Just to name a few, past topics include: Travel Policy changes, FERPA Regulations, RIT’s Ethics & Compliance Hotline, Records Management Policy, Risk Assessment and many others.