By Colin Couchman, Western Communications
Did you know that October is Cyber Security Awareness Month? Study after study state that the most effective tool for cyber security is awareness and building a strong culture of cyber resiliency.
At Western, we call this being Cybersmart.
It seems that a day does not go by that we do not read about instances of PHISHing – a type of email that looks legitimate, but actually contains a link to fool you into giving your username and password to potential criminals. We also see articles in our newsfeeds about spyware and the ability for our devices to allow companies (and governments) to see and hear what is happening on our phones.
While all of these examples are serious and require good practices to push back against them, it is ransomware that actually keeps me up at night.
What is Ransomware?
Ransomware is a particular kind of threat where the attacker tricks an unwitting user (such as yourself) into installing code onto a device or sets of devices. Ransomware is a form of malicious software which encrypts or locks all of your files and then demands a ransom in order to regain access to your data. The targets of these attacks are individuals as well as whole organizations.
Several examples of high-profile ransomware attacks have occurred recently, including Stratford, Wasaga Beach, and Woodstock.
How does Ransomware get on my device?
The delivery of this code can take many forms, ranging from an attachment that looks like a document file to clicking on a link in an email that takes you to a website where an installation on your device can occur (this last example is known as a drive-by installation). The delivery of the document file or an email with a nefarious link within will resemble a PHISHing email. Another method for delivery might be a USB memory stick or similar storage card (SDCARD).
Recognizing a PHISHing email can be a challenge, but largely you will notice a few things off about the message. For instance, the message often comes from someone unknown to you, with some sort of plea to read the message in the subject line. Or, the message seems to be from someone you know, but you might notice that the email address is not quite right, or the grammar and syntax of the message is just a little bit off.
Most times you will not know the malicious code is being installed; the attachment method will run in the background as will any delivery through a drive-by.
Once the code is installed, a few things may start to happen that you will begin to notice. Initially, you will notice that you will not be able to open certain files and if you are able to do so, the content may appear as gibberish to you. You may notice strange files or file extensions on your hard drive that you may not have seen before.
When trying to open certain files, you may see some variation of the messages below:
Windows: “Windows can’t open this file. … To open this file, Windows needs to know what program you want to use to open it. Windows can go online to look it up automatically, or you can manually select from a list of programs that are installed on your computer.”
MacOS: “There is no application set to open the document. … Search the App Store for an application that can open this document, or choose an existing application on your computer.”
Finally, you may see a pop-up screen or notice a text file on your computer which will indicate that you have been the victim of a ransomware attack and instructions will be provided to let you know how to pay a price for recovery (typically paid in crypt-currency).
What does Ransomware do and can I get around it?
A ransomware attack potentially does a number of things. First, it looks to encrypt files available to it through an algorithm known only to the attacker. The code seeks to find files it has access to, whether that be on the local hard drive of your computer or the network drives you might be attached to. The code may also try to propagate itself (copy to other locations so that other files can be corrupted).
Once files are afflicted by the ransomware, it is virtually impossible to break the encryption.
Paying the ransom does not always result in the delivery of the access keys to open your files again (some security companies peg the rate of these attackers providing the encryption keys back to the user at around 50 per cent). In addition, even if the encryption keys are provided, not all files are recovered perfectly and some are rendered corrupted due to the process.
What can and should you proactively do?
The best way to combat attacks like ransomware is to play a strong defense.
- First and foremost – back up your data. Whether you are a student, a staff member, or a faculty member, backing up your data and keeping these copies in a safe location is the best way to mitigate these attacks. If your system is corrupted by such an attack, all you would need to do is have the operating system and applications re-installed and then copy your files back and you will be up and running without paying a price or wondering if you will be able to get your files back.
- Update and patch your devices.Yes, it is a pain when you are prompted to install updates on your devices, but it is critical that you do so. Vendors are constantly dealing with these threats and issue updates for your systems to repel these attacks.
- Do not click on or open suspicious links or documents.If you suspect something, send the email to firstname.lastname@example.org for WTS to take a look.
- Act quickly. If you suspect your device is infected, power off the device and seek assistance from your local IT support, WTS, or your technical go-to person. If powering off is not an option, then isolate the device by shutting down network connectivity or by removing the network connection (if applicable).
Increase your awareness and learn more about being cyber resilient and the ways to recognize digital threats by reading this pamphlet.
Also, later this month, Western will launch cyber security awareness learning modules that will allow you to take self-paced, short content mini-courses, such as Information Security Awareness Essentials.
Information Security Awareness Essentials will be available on cybersmart.uwo.ca and you will be able to obtain a certificate upon completion of the module.
Colin Couchman is Director (Cyber Security and Business Services) at Western Technology Services.