Imagine a criminal breaking into your home, but instead of taking anything, they change the locks and tell you to pay them or they will not give you the new keys. This is what Ransomware does, though instead of your home, it is all of the files on your computer. Files you need to access in order to do your job. These criminals plan on using that need for their own profit.
Here is an article from The Washington Post that demonstrates just how bad this type of malware can be for your city.
What it is?
Ransomware is a type of malware that uses encryption to restrict access either by locking files or by inhibiting entry into the system altogether. Once the system is encrypted, it is very difficult, or impossible, to gain access again on your own. The malware operators then require payment before they unlock the system (which they may not do even if they are paid).
The pop up message requesting payment may be disguised as a fake warning pretending to be from a law enforcement agency locking your system claiming that it has been used for illegal purposes, or even Microsoft stating the version of windows you are running is pirated. Do not be fooled by this, call an IT professional and the police immediately. Do not turn any infected systems off either, doing so may actually make the IT pro’s job more difficult.
What you can do to protect yourself?
The typical method malware, such as ransomware, gets on your system is through some form of download. It may be hidden in something you download, so be sure to only download files or programs from trusted sites.
Another method used to infect your computer is phishing emails. These are spam emails used to trick you into clicking a link that will take you to a fraudulent site that will download the malware to your system. Make sure you’re using some form of anti-virus software that includes email checking. The best practice is to delete any emails from sources you don’t know. Never click any links in emails unless they are from a trusted source. Also be wary of emails that appear to be from trusted sources that contain just links or a simple phrase such as, “check out this video!” or “this site is so great!” The trusted source may have gotten a virus, and that virus is sending those emails, or the email may contain a spoofed address.
For other ways to protect yourself, you can also check out our On the Line blog on this topic by LMC’s Greg Van Wormer.
Backup you system regularly!
It may be impossible to recover your files once they have been encrypted by ransomware; however, if you have your data backed up, you can limit the how much information you lose.
Cities should be backing up their systems, at least weekly (nightly is better!), and storing backups in a place safely offline and away from any computers that may become infected. Consider using a rotating backup schedule, allowing for multiple backups to be retained. If you do use such a schedule please consult with your city’s Responsible Authority to ensure your backup schedule meets your city’s records retention schedule.
What should you do if you get it?
Despite your best efforts, you may still find yourself the victim of ransomware. Should this be the case, call the police, an IT professional (if you have one in house), and LMCIT right away, as mitigation may be covered under your Property/Casualty insurance. Whatever you do, Do Not Pay the Ransom, there is no guarantee they will actually remove the ransomware should you pay it.
Computers and the internet are a great resource, please remember to use them safely.