Owning a Computer Means You’re at Risk for Ransomware

On February 8th, 2016, Horry County Public School District, located in South Carolina, realized they had fallen victim to ransomware. Over 100 of their servers and systems were shut down to keep the ransomware virus from spreading. The hackers demanded that Horry County Public Schools pay them approximately $8,500, otherwise the school district would lose their data forever.

What is ransomware? If you are unfamiliar with this term, now is the time to become familiar with it. Ransomware is a form of computer virus that discreetly corrupts files, and, as the name indicates, demands that a target pay for those files to be restored. Ransomware can have different disguises but the two main types of ransomware are locker ransomware (computer locker) and crypto ransomware (data locker).

Locker ransomware denies access to the computer or device. Crypto ransomware prevents access to files or data and does not necessarily have to use encryption to stop users from accessing their data, although the majority of it does. Ransomware is a 445 billion dollar industry and cyber criminals have no plans to stop anytime soon.

The only way the Horry County School District could recover their data was to pay the ransom so they could receive the encryption keys to unlock their data. However, the hackers requested that the ransom be paid in Bitcoin (BTC). BTC is a decentralized peer-to-peer payment network that is powered by its users with no middlemen. It is very much like cash for the Internet. Since Horry County Schools were not at all familiar with BTC, they reached out to Troy Wilkinson, current CEO and Co-Founder of Axiom Cyber Solutions, for help. Troy stated that,

“Unfortunately, ransomware is only becoming more and more of a problem. These cyber criminals are banking on the fact that most people do not back up their data and are willing to pay dearly for that data back. We at Axiom feel so strongly about ransomware that we currently have patent pending prevention. Our technology empirically detects and stops ransomware once it’s activated on a network.”

Axiom Cyber Solutions was able to get the 22 BTC (approx $8,500) and paid the hackers. Horry County School Systems have had all their data restored and things are back to normal. Unfortunately, all organizations such as schools, universities, hospitals, and more will continue to be hit with ransomware. Even the FBI is encouraging people to pay up, if they want their data back.

Recently, during the 2015 Boston Cyber Security Summit, Joseph Bonavolonta, an assistant special agent in charge of the FBI’s Cyber and Counterintelligence Program in the Boston office, stated,

“The easiest thing may be to just pay the ransom. The amount of money made by these criminals is enormous and that’s because the overwhelming majority of institutions just pay the ransom.”

Simply having antivirus protection does not stop ransomware. The FBI recommends the following tips to help avoid ransomware.

1. Make sure you have updated antivirus software on your computer.
2. Enable automated patches for your operating system and web browser.
3. Have strong passwords, and don’t use the same passwords for everything.
4. Use a pop-up blocker.
5. Only download software—especially free software—from sites you know and trust (malware can also come in downloadable games, file-sharing programs, and customized toolbars).
6. Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if you think it looks safe. Instead, close out the e-mail and go to the organization’s website directly.
7. Use the same precautions on your mobile phone as you would on your computer when using the Internet.
8. To prevent the loss of essential files due to a ransomware infection, it’s recommended that individuals and businesses always conduct regular system back-ups and store the backed-up data offline.

Axiom Cyber Solutions offers the Axiom Sentinel, an enterprise firewall and security appliance, to help with ransomware by making sure that criminals have no way to call home. Sentinel makes malware and ransomware communication out of your network impossible, rendering these applications ineffective and unable to encrypt your data. We have identified key transactions in the TCP/IP stack that must occur when a ransomware is executed. This allows us to block ransomware communication in real time.

Ransomware infections will continue to rise and will evolve with new social and technological attack vectors. It’s important for any organization or individual with sensitive data to exercise caution and deploy best practices in securing your network.

Axiom’s solutions come in different sizes and all of our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call at (800) 519-5070. #FightBackWithAxiom

Ransomware On The Rise

Imagine the following scenario. You receive an e-mail that appears, for all intents and purposes, to be from your superior. There’s a familiar link to a payroll policy update included and you click to investigate. Soon after, a pop-up appears on your computer screen informing you that your system and data are locked, and that access can only be restored if a payment is made. At this point, you realize that you have been infected with something and that your only two options are to pay the ransom or to ignore it, effectively losing all of the data on your system and/or network.

This is a classic example of digital extortion by ransomware. Ransomware is defined as a kind of malware that locks your computer screen and prevents you from accessing your data until you pay the “ransom” to the cybercriminal. Money, of course, is the motivating factor for these cyber criminals, and ransomware is only increasing, making it easier for them to follow the money. A report by the Cyber Threat Alliance found that ransomware generated more than 325 million dollars in ransom income. Ransomware is only going to evolve. In fact, ransomware hackers are now threatening to publish your personal files on the web if you do not pay up. The threat of having personal data and files in the public domain is terrifying for those who may have embarrassing or sensitive data.

It should come as no surprise that many businesses will choose to simply pay off the ransom. In fact, recent headlines show that even the FBI is encouraging people to pay up.

Recently, during the 2015 Boston Cyber Security Summit, Joseph Bonavolonta, an assistant special agent in charge of the FBI’s Cyber and Counterintelligence Program in the Boston office, stated,

“The easiest thing may be to just pay the ransom. The amount of money made by these criminals is enormous and that’s because the overwhelming majority of institutions just pay the ransom.”

Ransomware relies on the human aspect and programs like antivirus protection are not guaranteed to stop ransomware. The FBI recommends the following tips to help avoid ransomware.

  1. Make sure you have updated antivirus software on your computer.
  2. Enable automated patches for your operating system and web browser.
  3. Have strong passwords, and don’t use the same passwords for everything.
  4. Use a pop-up blocker.
  5. Only download software—especially free software—from sites you know and trust (malware can also come in downloadable games, file-sharing programs, and customized toolbars).
  6. Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if you think it looks safe. Instead, close out the e-mail and go to the organization’s website directly.
  7. Use the same precautions on your mobile phone as you would on your computer when using the Internet.
  8. To prevent the loss of essential files due to a ransomware infection, it’s recommended that individuals and businesses always conduct regular system back-ups and store the backed-up data offline.

However, these tips still offer no guarantee that protects you from ransomware.

Axiom Cyber Solutions offers the Axiom Sentinel, an enterprise firewall and security appliance, to help with ransomware by making sure that criminals have no way to call home. Sentinel makes malware and ransomware communication out of your network impossible, rendering these applications ineffective and unable to encrypt your data. We have identified key transactions in the TCP/IP stack that must occur when a ransomware is executed. This allows us to block ransomware communication in real time.

Ransomware infections will continue to rise and will evolve with new social and technological attack vectors. It’s important for any organization or individual with sensitive data to exercise caution and deploy best practices in securing your network.

Axiom’s solutions come in different sizes and all of our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call at (800) 519-5070. #FightBackWithAxiom

Axiom researcher Linda Johnston, in Las Vegas, Nevada contributed to this article.