On February 8th, 2016, Horry County Public School District, located in South Carolina, realized they had fallen victim to ransomware. Over 100 of their servers and systems were shut down to keep the ransomware virus from spreading. The hackers demanded that Horry County Public Schools pay them approximately $8,500, otherwise the school district would lose their data forever.
What is ransomware? If you are unfamiliar with this term, now is the time to become familiar with it. Ransomware is a form of computer virus that discreetly corrupts files, and, as the name indicates, demands that a target pay for those files to be restored. Ransomware can have different disguises but the two main types of ransomware are locker ransomware (computer locker) and crypto ransomware (data locker).
Locker ransomware denies access to the computer or device. Crypto ransomware prevents access to files or data and does not necessarily have to use encryption to stop users from accessing their data, although the majority of it does. Ransomware is a 445-billion-dollar industry, and cyber criminals have no plans to stop anytime soon.
The only way the Horry County School District could recover their data was to pay the ransom so they could receive the encryption keys to unlock their data. However, the hackers requested that the ransom be paid in Bitcoin (BTC). BTC is a decentralized peer-to-peer payment network that is powered by its users with no middlemen. It is very much like cash for the Internet. Since Horry County Schools were not at all familiar with BTC, they reached out to Troy Wilkinson, current CEO and Co-Founder of Axiom Cyber Solutions, for help. Troy stated that,
“Unfortunately, ransomware is only becoming more and more of a problem. These cyber criminals are banking on the fact that most people do not back up their data and are willing to pay dearly for that data back. We at Axiom feel so strongly about ransomware that we currently have patent-pending prevention. Our technology empirically detects and stops ransomware once it’s activated on a network.”
Axiom Cyber Solutions was able to get the 22 BTC (approx $8,500) and paid the hackers. Horry County School Systems have had all their data restored and things are back to normal. Unfortunately, all organizations such as schools, universities, hospitals, and more will continue to be hit with ransomware. Even the FBI is encouraging people to pay up, if they want their data back.
Recently, during the 2015 Boston Cyber Security Summit, Joseph Bonavolonta, an assistant special agent in charge of the FBI’s Cyber and Counterintelligence Program in the Boston office, stated,
“The easiest thing may be to just pay the ransom. The amount of money made by these criminals is enormous and that’s because the overwhelming majority of institutions just pay the ransom.”
Simply having antivirus protection does not stop ransomware. The FBI recommends the following tips to help avoid ransomware.
1. Make sure you have updated antivirus software on your computer.
2. Enable automated patches for your operating system and web browser.
3. Have strong passwords, and don’t use the same passwords for everything.
4. Use a pop-up blocker.
5. Only download software—especially free software—from sites you know and trust (malware can also come in downloadable games, file-sharing programs, and customized toolbars).
6. Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if you think it looks safe. Instead, close out the e-mail and go to the organization’s website directly.
7. Use the same precautions on your mobile phone as you would on your computer when using the Internet.
8. To prevent the loss of essential files due to a ransomware infection, it’s recommended that individuals and businesses always conduct regular system back-ups and store the backed-up data offline.
Axiom Cyber Solutions offers the Axiom Sentinel, an enterprise firewall and security appliance, to help with ransomware by making sure that criminals have no way to call home. Sentinel makes malware and ransomware communication out of your network impossible, rendering these applications ineffective and unable to encrypt your data. We have identified key transactions in the TCP/IP stack that must occur when ransomware is executed. This allows us to block ransomware communication in real time.
Ransomware infections will continue to rise and will evolve with new social and technological attack vectors. It’s important for any organization or individual with sensitive data to exercise caution and deploy best practices in securing their network.
Axiom’s solutions come in different sizes, and all of our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call at (800) 519-5070. #FightBackWithAxiom