The Quaestor - Volume 16, Issue 2

Ransomware

Contributed by: Ben Woelk, ISO Program Manager;
Written by: Tyler Mueller, ISO Communications Associate



What is Ransomware?

Ransomware is malware, or malicious software, that uses encryption to hold a victim’s information for ransom. After a user’s or organization’s files, databases, or applications become encrypted, attackers will ask for a fee before providing a decryption key that will allow access to the stolen information again. There is typically no alternative way to recover encrypted data. Ransomware is usually installed on a computer from a phishing email, a pop-up, or malicious advertising. Anti-malware services may or may not detect a malicious attachment, so it is important for users to stay vigilant.

As stated by McAfee, an American global computer security software company, “Ransomware is often designed to spread across a network and target database and file servers, and can thus quickly paralyze an entire organization” (McAfee). Particularly in light of the COVID-19 global pandemic, there has been a steady and significant increase in corporate-level cybercrime, which has caused billions of dollars in payouts from companies and organizations attempting to cover the expenses of information compromises.

How Does Ransomware Operate?

Ransomware uses asymmetric encryption, a cryptographic technique that uses a pair of keys to encrypt and decrypt a file. The attacker creates the two keys specifically for the victim, and the key that decrypts the files is stored on the attacker’s server, where only the attacker has access to it (McAfee). The decryption key is made available to the victim only once the ransom has been paid; otherwise, it is almost impossible for the victim to decrypt the files themselves.

There are numerous types of ransomware currently circulating online. As mentioned, one of the most common ways ransomware is introduced to a network is through phishing emails that contain malicious links. Malware needs an attack vector (a specific path to break into a system) to connect to an endpoint within the victim’s network (McAfee). Once it has connected, after a link is clicked or a malicious file has been downloaded, the malware remains in the user’s system until it has located files for the attacker to encrypt, such as entire databases’ worth of confidential documents and images. Ransomware is designed to locate vulnerabilities within a network and then spread to other systems to accomplish the same task.

Once ransomware has been successfully deployed on a user’s or organization’s computer system, it will prompt them to pay the fee or lose their information forever.

Ransomware in Higher Education:

In September of this year, Howard University fell victim to a ransomware attack that forced a two-day campus-wide shutdown. In an official statement released on September 3, Howard said, “we know the University has experienced a ransomware cyberattack, causing some functions critical to the University to shut down” (Howard University 2021).

Universities are a common target of ransomware attacks because they possess a broad network of both private and confidential information. Additionally, colleges do not always have the resources to prevent cybercriminals from infiltrating their systems, such as well-staffed cybersecurity teams to properly manage the high-volume systems.

Universities are not the only institutions seeing a rise in ransomware attacks over the past several years. Throughout the course of the pandemic, there have been stark increases in cyberattacks on individuals, but there has also been a rise in high-profile ransomware attacks. Just this year, the NBA, Kia Motors, and CNA Insurance were among several major companies that suffered financial loss and information compromises as a result of ransomware attacks, in addition to Howard just this past month (Touro College 2021).

Ransomware technology is rapidly spreading as cybercriminals create new malware samples on demand and create cross-platform ransomware.

How to Prevent a Ransomware Attack:

There are several best practices to implement that can prevent a ransomware attack.

Learn how to identify a suspicious email, pop-up ad, or link. Not clicking on malicious links in the first place is a necessary precaution that needs to be taken in order to protect sensitive information. If an email looks suspicious, be sure to verify the sender’s email address, check the body of the message for spelling or grammar errors, and carefully read attachment titles before clicking on them. Obvious giveaways of a phishing email are misspellings and the inclusion of low-resolution images.
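For readers who administer a mailbox or help desk queue, the sender and attachment checks described above can be automated. The following is an added example, not part of the original newsletter; the sample message, the trusted domain `example.edu`, and the extension lists are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every name and domain in it is made up.
SAMPLE = '''\
From: "University Help Desk" <helpdesk@univ-support.example>
Reply-To: billing@mailbox.example
To: staff@example.edu
Subject: Urgent: verify your acount
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attached invoice.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"

AAAA
--b1--
'''

RISKY_EXT = {"exe", "scr", "js", "vbs", "bat", "lnk", "iso"}  # assumed list
# A document-looking name followed by a second extension, e.g. report.pdf.exe
DOUBLE_EXT = re.compile(r"\.(pdf|docx?|xlsx?|jpe?g|png|txt)\.\w{2,4}$", re.I)

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header ('' if none)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw, trusted_domains):
    """Return human-readable warnings for one raw email message."""
    msg = message_from_string(raw)
    warnings = []
    sender = domain_of(msg["From"])
    if sender not in trusted_domains:
        warnings.append(f"sender domain {sender!r} is not on the trusted list")
    reply_to = domain_of(msg["Reply-To"])
    if reply_to and reply_to != sender:
        warnings.append(f"replies go to a different domain: {reply_to!r}")
    for part in msg.walk():
        name = part.get_filename() or ""
        if "." in name and name.rpartition(".")[2].lower() in RISKY_EXT:
            warnings.append(f"attachment {name!r} is an executable or script type")
        if DOUBLE_EXT.search(name):
            warnings.append(f"attachment {name!r} hides its type behind a double extension")
    return warnings
```

Calling `triage(SAMPLE, {"example.edu"})` returns four warnings: the untrusted sender domain, the mismatched Reply-To, and two for the attachment name.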

Regularly backing up data to a cloud or an external hard drive is another way to ensure that if a system is infected with malware, users can wipe the device(s) clean and reboot applications from their backups. Additionally, always be sure systems are operating on their most current software version.

If a user does not need administrative privileges, do not conduct work under administrative accounts. A successful ransomware attack will have the same privileges as the user, so not working under an administrative account in the first place can prevent the attack.

Make sure to access private information on a secure network. Public Wi-Fi is not usually a reliable network and can make users more susceptible to having their information compromised. VPNs, or Virtual Private Networks, eliminate the risk of passwords or confidential information being stolen by guaranteeing the secure transmission of information across the Internet between two networks.

Ransomware Response:

If a user or organization falls victim to a ransomware attack, there are a few key response practices to employ to minimize further risk.

Disconnect the infected device from the network as soon as the malicious software has been identified on that device. To slow the potential spread to other devices, disconnect all devices from the network as soon as possible. Identify which device was the first to be infected and check all other devices for encrypted files. After the incident has been reported to the authorities, evaluate backup options and restore the systems to the best of their ability.
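When checking other devices for encrypted files, one common heuristic is that encrypted data looks random (entropy near 8 bits per byte) and no longer begins with the file signature its extension implies. The following is an added example, not part of the original newsletter; the signature table and the 7.5 threshold are assumptions chosen for illustration.

```python
import math
import os
from collections import Counter
from pathlib import Path

# File signatures ("magic bytes") that a healthy file of each type starts with.
MAGIC = {
    ".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
}

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: roughly 4-5 for text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def classify(path, sample_size=65536, threshold=7.5) -> str:
    """Return 'suspect', 'review' or 'ok' for one file."""
    path = Path(path)
    with path.open("rb") as fh:
        head = fh.read(sample_size)
    high = shannon_entropy(head) >= threshold
    magic = MAGIC.get(path.suffix.lower())
    if magic is not None:
        # Known type: compressed formats are high-entropy too, but keep their header.
        return "suspect" if high and not head.startswith(magic) else "ok"
    # Unknown extension (ransomware often renames files): flag for a human to review.
    return "review" if high else "ok"

def scan(root) -> dict:
    """Walk a directory tree and return {path: verdict} for files that are not 'ok'."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                verdict = classify(full)
            except OSError:
                verdict = "unreadable"
            if verdict != "ok":
                results[full] = verdict
    return results
```

Run `scan()` against a read-only mount or a copy of the affected share so the triage itself does not modify evidence.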

It is important not to pay the attackers the ransom. There is no guarantee that the encrypted information can be recovered to begin with, and in most cases, it can’t. Paying the ransom puts a user or organization at risk for the same thing happening again, which just means more money funneled into the cybercrime industry.

Additional Resources:

Fruhlinger, J. (2020, June 19). Ransomware explained: How it works and how to remove it. CSO Online. Retrieved September 26, 2021, from https://www.csoonline.com/article/3236183/what-is-ransomware-how-it-wor…

Howard University. (2021, September 3). Ransomware updates. Retrieved September 25, 2021, from https://howard.edu/ransomware-updates

ISO Admin. (2011, December 9). Virtual Private Networks. RIT ISO. Retrieved September 27, 2021, from https://www.rit.edu/security/content/virtual-private-networks

ISO Admin. (2017, March 2). Ransomware. RIT ISO. Retrieved September 27, 2021, from https://www.rit.edu/security/content/ransomware-0

Lumpkin, L. (2021, September 9). Howard cancels another day of online and hybrid classes as officials investigate alleged cyberattack. The Washington Post. Retrieved September 25, 2021, from https://www.washingtonpost.com/education/2021/09/08/howard-university-r…

McAfee. (n.d.). What is Ransomware? McAfee. Retrieved September 27, 2021, from https://www.mcafee.com/enterprise/en-us/security-awareness/ransomware.h…

Ngo, M. (2021, September 7). Howard University hit by a ransomware attack. The New York Times. Retrieved September 27, 2021, from https://www.nytimes.com/2021/09/07/education/howard-university-ransomwa…

Touro College. (2021, June 10). The 10 biggest ransomware attacks of 2021. Touro College Illinois. Retrieved September 24, 2021, from https://illinois.touro.edu/news/the-10-biggest-ransomware-attacks-of-20…

CyberEscape Online

Contributed by: Jeffrey Butler, Senior Internal Auditor


You may recall from our last edition:

CyberEscape Online

RIT is excited to announce a new and engaging information security awareness opportunity partnered with Living Security, a company that specializes in high production training programs. CyberEscape Online is an exciting adventure where you will have to work with your team to solve digital puzzles within a certain amount of time. Teamwork, problem solving, and good security habits will all be necessary to complete the objective in the time given. Check out the trailer for CyberEscape Online and visit our website for more information!

IACA Escaped! Can you?

In September, IACA participated in the Cybersecurity Escape Online.

The program is a completely virtual escape room from which IACA had to escape – the catch is that we were only given one hour to research topics and solve puzzles to escape.

Although IACA found the program to be fun and easy to follow, the true point of the escape room is to educate participants about key cybersecurity risks which have proliferated in the virtual world. Through the escape room, IACA was responsible for identifying poor cyber habits and learned the importance of having a vigilant and skeptical mindset when operating in the digital world.

Through reading news articles and profiles about employees, IACA learned the dangers of online presences and social engineering (i.e., the use of deception to manipulate individuals into divulging confidential or personal information). IACA learned tips on how to spot malicious or phishing emails and the importance of strong and unique passwords.

Everyone knows that universities have been an increasingly attractive target for bad actors in the cyber world – including, but not limited to, phishing and ransomware attacks. IACA was able to escape the escape room by working together and practicing good cyber hygiene – can you and your department do the same?

Training Opportunities Provided by IACA

Internal Controls and Fraud in the Workplace

During the 2.5 hour Internal Controls and Fraud in the Workplace class, the importance of, components of, and the responsibility for establishing and maintaining effective internal controls are discussed. Various examples of what can happen when controls are non-existent or break down (i.e., fraud) are shared throughout the class. The session is required in order to receive the RIT Accounting Practices, Procedures and Protocol Certificate of Completion. However, anyone interested in learning about internal controls and fraud prevention is welcome to attend.

To learn more about these important topics, sign up for a session in the RIT Talent Roadmap.

The next training sessions of Internal Controls & Fraud in the Workplace are:

Wednesday, January 26, 2022, 1:30 to 4:00 PM
Wednesday, May 11, 2022, 9:00-11:30 AM, Location TBD

Unit Level Risk Assessment—How to Advance Your Organization’s Agility

The first step towards successfully managing risk is to implement an effective risk assessment methodology. Risk assessment is a systematic process for identifying and evaluating both external and internal events (risks) that could affect the achievement of objectives, positively or negatively. During this 2.5 hour class, we will discuss the key components of an effective risk assessment process and how to integrate it into the business process to provide timely and relevant risk information to management. To learn more about these important topics, sign up for a session in the RIT Talent Roadmap.

The next training session of Unit Level Risk Assessment is: Wednesday, April 6, 2022, 1:30-4:00 PM, Location TBD

Additional Information by IACA

Pop Quiz Challenge: Congrats to Jeanette Giagios, our last winner!

Correctly answer the question below to be entered in a drawing to win a prize valued at $15. The winner is chosen randomly and notified by email. 

Best Practices to implement to prevent a ransomware attack include:

  1. Learning how to identify a suspicious email, pop-up ad, or link
  2. Regularly backing up data to a cloud or external hard drive
  3. Making sure to access private information on a secure network
  4. All of the above

Watch IACA’s Monday Minute video series here!
Our video series focuses on opportunities for improving internal controls and increasing awareness of various university processes, policies, and protocols. If you have questions, feel free to contact anyone in the IACA office using information on our webpage. Just to name a few, past topics include: Travel Policy changes, FERPA Regulations, RIT’s Ethics & Compliance Hotline, Records Management Policy, Risk Assessment and many others.

What about ethics in the workplace?
Learn about the RIT Ethics and Compliance Hotline

IACA Team
Learn more about your IACA team.