At DHS, we’ve recently observed an increase in ransomware attacks across the country. Ransomware is a type of malicious software, or malware, designed to block access to a computer system until a ransom is paid. Ransomware is typically spread through phishing emails or by unknowingly visiting an infected website.
Criminals may try to persuade you to inadvertently download ransomware, which would then infect your computer. For example, if you’re visiting a website, you may see a message like, “Your computer has been infected with a virus. Click here to resolve the issue.” In these cases, the computer has not yet been infected with ransomware, but clicking the link downloads the ransomware onto your computer.
After you download ransomware, a pop-up message will appear on your computer screen alerting you that your computer has been locked and that your files have been encrypted. Ransomware messages typically say something like, “Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine.” Or, “All files on your computer have been encrypted. You must pay $500 within 72 hours to regain access to your data.”
Ransomware can be devastating to an individual or an organization. Anyone with important data stored on their computer or network is at risk, including government or law enforcement agencies, healthcare systems or other critical infrastructure entities. Recovery can be a difficult process that may require the services of a reputable data recovery specialist, and some victims pay to recover their files. There is no guarantee that your files will be recovered if you pay the ransom.
The U.S. Computer Emergency Readiness Team (US-CERT) released an alert last week with precautions organizations can take to protect against the threat of ransomware. These include:
- Employ a data backup and recovery plan for all critical information and back up your data on a regular basis. Ideally, this data should be kept on a separate device and should be stored offline.
- Update software and operating systems with the latest patches. Out of date applications and operating systems are the target of most attacks. Keeping them up to date greatly reduces the number of exploitable entry points available to an attacker.
- Restrict users’ ability (permissions) to install and run software applications, and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through your network.
- Remind employees to never click unsolicited links in emails.
- Follow safe practices when browsing the Internet. Read Good Security Habits and Safeguarding Your Data for additional details.
More precautions and technical information is available in the alert from US-CERT.
If you believe your data has been encrypted with ransomware, report it to DHS at www.us-cert.gov/report, or contact your local FBI Field Office or Secret Service Field Office.