Readers of Apex Technology Services articles are well aware that ransomware has morphed into Extortionware and, more recently, has added an affiliate program. In short, as recently as a year ago, hackers were satisfied with pure ransomware.
Here is how it worked: the hacker would typically get someone in the company to click on an email or other message with a link to malware. Once activated, this rogue program would scramble all the files on a computer network. The only solution was to enter a password to get the files to return to normal.
Companies had the option to pay the ransom and hope they received a password that unscrambled their files. They could also wipe their computers and servers and restore from backups – a painful and expensive process.
There are ethical issues here as well. Often, hackers are part of criminal gangs or terrorist groups. We’ve asked the FBI repeatedly: if a person pays a ransom and it is linked to ISIS, are they in fact funding terrorism, and is it illegal to do so?
We have yet to receive a response, but from an ethical perspective, if you pay the ransom, you at least know you are funding criminal activity and this money will likely be used to perpetrate more cybercrimes.
Speaking of crime... We often hear that crime doesn’t pay. Well, if you live in one of the many parts of the world where U.S. law enforcement can’t get to you, crime pays exceedingly well.
In these parts of the world, there is so little fear of being arrested for hacking that the bad guys have had time to evolve ransomware into Extortionware. They did this because not all companies were paying the ransom. Some were opting to purchase solutions like those from Datto, which keep a copy of all the files on a network in the cloud and locally as well.
In this manner, the company avoids a forced ransom payment as they can just restore from backup.
Sure, there will be lots of lost productivity, but many people don’t want to fund criminals.
And these criminals are crafty, as they devised a way to force companies and other organizations to pay – even if they have backups and are willing to endure the painful process of restoring their computers.
They threaten to share the contents of the files publicly.
They start to dribble out the directories of the files they have, and then, a little at a time, the files start to appear.
At this point, an organization has to decide what to do.
Do they lose the trust of their customers and employees by allowing valuable data to leak? This could also include trade secrets, salaries and other sensitive HR information. It’s no wonder so many organizations, even major cloud companies, feel forced to pay. Recently, the Clark County school district in Nevada refused to pay, and information was dumped on the internet, including the Social Security numbers of students.
The incident was first reported on September 8 by the Associated Press; the school district said its computer systems had been infected with malware on August 27, locking up access to files.
Hackers have been very aggressive in targeting schools lately. We reported earlier this month that Hartford, CT schools were kept from opening because of ransomware. Also, SUNY Erie Community College was hit by ransomware in July. Michigan State was hacked in June. We also know that foreign governments are focusing on hacking universities.
Others need to learn from this and be sure to steer clear of the same mistakes.
Ask the experts at Apex Technology Services about how we can help your organization stay secure.