Agencies need to understand the risks of a ransomware attack
Mar 15, 2016
The growing concern of cyberattacks directed at government agencies cannot be ignored. However, foreign nations attempting to gain access to confidential U.S. data may not be the only issue at play here. Incidents of ransomware – a type of cyberattack that encrypts the user's files and demands compensation before the person can regain access – are growing rapidly. What's more, it appears the hackers behind these attacks are becoming bolder every day.
What does this malware mean for government agencies, and what can be done to stop it in its tracks?
Ransomware on the rise
Although ransomware has been around for more than a decade – according to Symantec, the first observable instance of it was in 2005 – this form of cybercrime has just now begun to increase in popularity among the online underworld. In fact, its use has been absolutely skyrocketing recently. The McAfee Labs Threats Report from November 2015 found as much when adding up the total ransomware observations. The study found that in Q3 2015, there were around 5 million total pieces of ransomware. That's more than double the amount of the previous year.
These numbers show how incredibly fast ransomware attacks are growing, which makes a lot of sense if considered from the point of view of a cybercriminal. First, they offer an unmatched level of anonymity. Hackers often ask for the ransom in bitcoins, a nearly untraceable mode of payment that allows the criminal to hide his or her tracks.
The other major factor in ransomware's rapid growth is the fact that it doesn't require a whole lot of work or technological know-how on the hacker's part. Basically, all a hacker has to do is comb social media sites looking for the email information of people inside institutions the scammer wants to hit. Once that's done, they just have to write a bogus email containing a ransomware-infected link and wait for someone to click it.
The hardest portion of this whole operation is undoubtedly the creation of the ransomware itself, but even that isn't much of an obstacle anymore. A separate report put out by McAfee warned of "ransomware as a service." This is where criminals go online and purchase the ransomware from a tech-savvy hacker, then use this software to infect victims the world over. This means that quite literally anyone with the proper connections could begin a ransomware attack, showing just how dangerous this kind of malware is.
Police departments have been targeted before
A prime example of how these kinds of attacks can be levied against government facilities is the incident that befell the Melrose Police Department in Massachusetts. A detective for the department opened an email containing the malware, which then went on to infect the entire computer, according to the Melrose Free Press. The entire organization had been sent the email, but thankfully only one individual fell for the scam.
However, IT Director for the city of Melrose Jorge Pazos wanted to take steps to ensure that the department's files were kept safe. TriTech, software used for logging activities, was shut down to make sure the malware didn't spread. This required officers to book suspects by filing physical reports.
Perhaps the worst part of this entire ordeal was the fact that the Melrose Police Department was forced to actually pay the hacker one bitcoin to end the encryption. Although that only amounts to $489, giving the criminal the ransom has shown the hacking community that the police are reliable targets. What's more, this attack has revealed that government agencies are open to ransomware attacks. If a police detective can't be trusted to not click suspicious links, who else is at risk?
What's to be done?
The only way to slow down ransomware's momentum is to train agency employees on the risks that they face. Workers need to know what a ransomware attack can look like, as well as how to report suspicious activity. Humans are always the weakest link in the cybersecurity chain, and proper education can strengthen defenses. The fact that criminals can now outsource the actual software's creation to someone on the Web means this problem might get worse before it gets better, and government agencies need to prepare themselves for the storm to come.