City Power confirmed in a tweet this morning that the power utility had been hit by a ransomware attack. The attack has compromised its web server, databases, applications, and network. According to the tweet, their IT department is cleaning and rebuilding all affected applications. There is no ETA on when it will be fixed, but for now, the lights remain on.
What is Ransomware?
Ransomware is malicious software that infects a computer, network or data. During the infection, your computer is either locked or your data is encrypted and held hostage, and the only way you can regain access is by paying a “ransom”. Ransom is typically demanded in Bitcoin, a largely anonymous currency, which is often used in cyber black markets. Ransomware is classified as a “denial of access” attack, denying the victim access to the electronic device or data stored on the device until a ransom is paid. Distributing ransomware is a criminal activity, and even though the technology it utilises is quite sophisticated, the prevalence of ransomware hinges on the exploitation of the human element – as do most criminal activities. Malware such as ransomware is not a new phenomenon, but it has become increasingly widespread and invasive in recent years.
Who creates Ransomware?
Ransomware is created by criminals with the intent to vandalize, swindle, blackmail or demand ransom from victims. These criminals abuse technology to create a platform for criminal activity and are usually referred to as cybercriminals. Ransomware criminals use coercion tactics to ensure they get what they want. Some coercion tactics involve scaring victims into thinking they have committed a crime by visiting a restricted website, or threatening to delete some data every 30 minutes until the ransom is paid.
The ransomware business model today is so mature that cybercriminals are going as far as working to provide a pleasant “customer” experience (strange as it may sound) to ensure that it is as easy as possible for victims to convert money into Bitcoin and pay the ransom in question. In some cases, this includes the provision of telephone support.
How do I avoid Ransomware as a business?
The first step is to practice proper email hygiene. Avoid opening any suspicious-looking emails. Be cautious of clicking links or opening attachments in emails you are not familiar with. This is the easiest way for malware to infect your electronic device. If you suspect anything unusual is happening on your computer, disconnect from the internet immediately. This will prevent any unwanted transmission of data or information.
Always use reputable anti-virus software. Some ransomware strains have been so creative as to mimic anti-virus software interfaces and fool the victim into “running a security scan”. For this reason, be sure that you use a trustworthy security software provider. Do proper vetting, and don’t compromise your digital safety for a cheaper option. Enable pop-up blockers in your browser and be sure that your security software offers browser security extensions as well. Pop-ups are an easy way to get a victim to engage with ransomware and allow it to propagate.
The number one piece of advice that anti-ransomware specialists offer is to back up all data outside of your own Local Area Network (LAN). It is important that you can recover an entire system and that your backup is isolated from your network to keep it safe from the infection. If you back up in this manner and are unfortunate enough to suffer a ransomware attack, you can format everything to rid yourself of the ransomware infection and then do a full system recovery. This way you will not have to engage with the ransomware at all and you can restore your computer to the way it was before it was compromised.