Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

U.S. and Canada Issue Joint Ransomware Alert

April 6, 2016

On March 31st, as reported by Naked Security, the U.S. and Canada issued a rare joint cyber alert warning about the recent surge in ransomware attacks, in which data is encrypted and criminals demand payment for it to be unlocked.

If you don't have an uninfected backup, you are in trouble. Many victims will make payments in bitcoin to get the decryption key.

From the alert, distributed by the US Department of Homeland Security and the Canadian Cyber Incident Response Centre:

"Infections can be devastating to an individual or organization, and recovery can be a difficult process that may require the services of a reputable data recovery specialist."

Here are some of the tips provided by the alert to keep your data safe.

  • "Back up your data, preferably on a separate device, and store it offline. That will keep your data safe not just from extortionists but also from natural disasters, such as floods and fires.
  • Use application whitelisting to help prevent malicious software and unapproved programs from running.
  • Keep your operating system and software up-to-date with the latest patches. Most attacks target vulnerable applications and operating systems.
  • Maintain up-to-date anti-virus software, and scan all software downloaded from the internet prior to executing.
  • Restrict user permissions for installing and running unwanted software applications, and apply the principle of "Least Privilege" to all systems and services. Doing so may prevent malware from running or limit its capability to spread through the network.
  • Avoid enabling macros from email attachments. Macros are how the Locky strain of malware got its hooks into systems: An email contained a document advising the recipient to enable macros, which then triggered malware-installing code to run. The governments' warning suggests that enterprises or organizations might be better off blocking email messages with attachments from suspicious sources.
  • Don't click on links in unsolicited email. For that matter, take care when clicking on links in an email that looks like it comes from somebody you know. As Mattel's $3 million brush with CEO mail scams shows, crooks have gotten good at convincing you their scammy notes are coming from your boss."

The alert advises you not to pay if you get ransomware. That's not so easy when it is YOUR data being held hostage. But even if you pay and get your data decrypted, it doesn't mean the infection has been removed. Ugh. Commit the tips to memory and make sure you follow them!

Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
www.linkedin.com/in/sharondnelson