By Michael Benadiba
Special to the Financial Independence Hub
Last year, the University of Calgary got hacked. The university was hosting a conference with thousands of professors and on the first day problems started to appear with the databases.
The school’s IT department said this was due to a type of malware called ransomware. Before long, people on the campus had to communicate with one another via walkie-talkies, since the email system was suspended. Then it came back up again. How? The university paid the hackers a $20,000 ransom.
Both Windows and Mac PCs targeted
Although ransomware has been around for some time, it just now is becoming well known. It targets computer operating systems like Windows 7, 8 or 10 and Mac OS X, which means any organization using such operating systems is potentially vulnerable. And that’s a lot of organizations.
Consider that universities, which are generally not known to be highly secure when it comes to data, run on Windows. So do hospitals. In fact, at least three hospitals in the United States have already been subjected to ransomware: Kansas Heart Hospital in Wichita, Presbyterian Medical Center in Los Angeles, and MedStar Health in Washington. And in March there was a CBC report about a hospital in Simcoe, Ontario possibly being infected with ransomware.
1,762 cyber security incidents last year in Canada alone
According to the FBI, U.S. victims of ransomware reported fix-up costs of $209 million US in the first quarter of this year, which is almost ten times the total for the entire year of 2015. Canada is susceptible, too. The Canadian Cyber Incident Response Centre reports no fewer than 1,762 incidents involving cyber security in the country last year. And that’s only what got reported.
So how exactly does ransomware work? A new family of ransomware called Cryptolocker is based on extorting money from users. It has its roots in malware known as Police Virus. That one would ask users to pay a fine so they could have their computers unlocked. But Cryptolocker is more dangerous because it hijacks documents and then asks the users of those documents to pay a ransom, usually with a time limit attached.
Beware fake installers, often for Adobe Flash
Microsoft recently issued an alert about a new strain of ransomware called ZCryptor which works like a worm and spreads through removable drives and network drives. Microsoft said the strain uses fake installers, usually for Adobe Flash, along with macro-based Microsoft Office files which come booby-trapped. You simply install the fake Adobe Flash and presto – the ZCryptor ransomware is on your computer. It then adds a key to the computer’s registry and starts to encrypt tiles. According to Microsoft, this ransomware was targeting 88 different types of files.
Just like a cancer, ZCryptor can copy itself to all your system’s drives. Then you receive a ransom note demanding payment in bitcoins and you have to pay in four days. Or else.
Remember the 1983 film War Games? It was about a teenage techie who got into the military’s central computer and pretty soon no one could tell the difference between a game and reality, and World War III hung in the balance. It’s now more than three decades since that time and computer systems are far more complex – and vulnerable – to cyber-criminals. What if the computer system at Mt. Sinai Hospital is hacked? Or a major university? Or a bank? Is our banking system even safe? What about all your savings and investments?
Ransomware will encrypt all your data and that’s a concern for you personally and especially if you are running a business; the whole organization could be infected. Banks and financial service organizations tend to run on mainframe computers, which makes it harder for ransomware. But your wealth-management advisor could be hacked, you could be in danger of losing your files, and your identity could always be stolen. These are all distinct possibilities.
What you can do
To tell you the truth, nothing is totally safe. Hackers and cyber-criminals are very advanced and are usually at least one step ahead of the authorities. But that doesn’t mean you can’t protect yourself from ransomware. And so can any organization. Here’s what to do …
- Make sure all your files are backed up to a place that is not directly connected to your computer or network. If the virus can access your external backup hard drive, it will also get infected by the ransomware.
- Regularly update your anti-virus software and computer firewalls.
- Ensure that your employees are aware of the dangers of potentially disruptive e-mails that come with hyper-links.
- Ensure that your employees watch out for messages that are fake ads, that impersonate websites (i.e., an airline or wireless provider), and that are social media scams.
- Never open an attachment from someone you don’t know
3 ways to be proactive about Ransomware
And if you’re really serious about preventing ransomware, here are some proactive things you can do.
- Use an email security system. Hackers are becoming more savvy, but an email security system will identify web links that activate ransomware. [It will also disable executables – files that start, even without you clicking on them.]
- An Intrusion Detection and Prevention System will block suspicious outbound data streams by tapping into incoming and outbound data packets. This lets you fine-tune your security’s firewall so it can’t be hijacked by malware.
- Give employees restricted privileges. That means allowing only limited access to sensitive information and programs.
Do all these things and you, and everyone in your organization, will sleep better at night and, hopefully, keep the hackers at bay.
Michael Benadiba is president and Chief Technology Officer of MBC Managed IT Services, a leading technology company with small to medium-sized clients who want the full benefits of the latest technology, like cloud computing, without resorting to big-enterprise budgets. Clients are organizations with 35 to 200 employees that don’t want to run their own IT departments so they outsource to MBC. This blog originally appeared on the Hub in 2016.