Subscribe to Email Updates

If Ransomware Strikes, Will You Be Protected?

If Ransomware Strikes, Will You Be Protected?

On April 24, 2018, hackers compromised the website of the Ukrainian energy and coal ministry. A message was posted to the site demanding a ransom be paid in Bitcoin to recover the encrypted files. This appears to have been an isolated attack that did not impact any other areas of the Ukrainian government.

In the past, ransomware has been used to mask attacks with more destructive intent, but in this case, it appears to be a traditional criminal attacker seeking to make money. The ransomware message was written in English and demanded 0.1 Bitcoin to decrypt the site. That amount of Bitcoin was worth roughly $927 at the time of the compromise but has since fallen to roughly $819.

Ransomware attacks continue to increase in frequency. While it may be possible to pay the ransom and regain access to the encrypted files, in many cases there is no guarantee that paying the ransom will result in the hacker providing the decryption key. The only guaranteed safeguards against ransomware are to maintain a secure system and back up important information. Having frequent comprehensive backups — a result of good cybersecurity planning — will provide a recovery method that doesn’t depend on the goodwill of the attacker.

Here are three things to consider when building out your protection against ransomware attacks:

  1. Have good anti-virus protection in place and get it in place before an attack can occur.
  2. Good backups are extremely important. Maintaining current backups can help you restore your system without having to pay the ransom.
  3. Be careful what you click on. Links and attachments in emails are the common entry points of ransomware attacks.

Leave a comment

Alexandra Wiesehan
Written by Alexandra Wiesehan
Alexandra Wiesehan is a section manager in the Burns & McDonnell Compliance & Critical Infrastructure Protection Group. She leads a team of more than 20 with a focus on cybersecurity, physical security and regulatory compliance. Her experience includes cyber vulnerability assessments and technical implementation of the NERC CIP Standards for electric power utilities.

Related posts

Securing Grant Funding for the Green Omni Terminal Project
Securing Grant Funding for the Green Omni Terminal Project

Pasha Stevedoring & Terminals, the third-largest independent West Coast terminal operator, had something specific in mind for...

Order 843 and CIP-003-7: How They Will Impact Low Sites
Order 843 and CIP-003-7: How They Will Impact Low Sites

On April 25, 2018, the Federal Energy Regulatory Commission (FERC) published Order 843, effectively approving CIP-003-7...