Subscribe to Email Updates

If Ransomware Strikes, Will You Be Protected?

If Ransomware Strikes, Will You Be Protected?

On April 24, 2018, hackers compromised the website of the Ukrainian energy and coal ministry. A message was posted to the site demanding a ransom be paid in Bitcoin to recover the encrypted files. This appears to have been an isolated attack that did not impact any other areas of the Ukrainian government.

In the past, ransomware has been used to mask attacks with more destructive intent, but in this case, it appears to be a traditional criminal attacker seeking to make money. The ransomware message was written in English and demanded 0.1 Bitcoin to decrypt the site. That amount of Bitcoin was worth roughly $927 at the time of the compromise but has since fallen to roughly $819.

Ransomware attacks continue to increase in frequency. While it may be possible to pay the ransom and regain access to the encrypted files, in many cases there is no guarantee that paying the ransom will result in the hacker providing the decryption key. The only guaranteed safeguards against ransomware are to maintain a secure system and back up important information. Having frequent comprehensive backups — a result of good cybersecurity planning — will provide a recovery method that doesn’t depend on the goodwill of the attacker.

Here are three things to consider when building out your protection against ransomware attacks:

  1. Have good anti-virus protection in place and get it in place before an attack can occur.
  2. Good backups are extremely important. Maintaining current backups can help you restore your system without having to pay the ransom.
  3. Be careful what you click on. Links and attachments in emails are the common entry points of ransomware attacks.

Leave a comment

Alexandra Wiesehan
Written by Alexandra Wiesehan
Alexandra Wiesehan is a section manager in the Burns & McDonnell Compliance & Critical Infrastructure Protection Group. She leads a team of more than 20 with a focus on cybersecurity, physical security and regulatory compliance. Her experience includes cyber vulnerability assessments and technical implementation of the NERC CIP Standards for electric power utilities.

Related posts

FERC Issues Final Rule on Protection System Coordination, Personnel Training in Order 847
FERC Issues Final Rule on Protection System Coordination, Personnel Training in Order 847

On June 7, 2018, FERC issued Order 847, a final rule for “Coordination of Protection Systems for Performance During Faults and...

Corporate Networks Prove Highly Vulnerable to Attacks
Corporate Networks Prove Highly Vulnerable to Attacks

According to a recent report by an enterprise security solution provider, corporate networks are highly vulnerable to attacks...