On January 19th, the libraries of St. Louis, Missouri, were faced with an increasingly common challenge. The city’s library computers were infected by ransomware, which locked down their computers in an attempt to extort a large sum of money from the city.
The attack itself was virulent enough to impact over seven hundred computers in seventeen libraries and would only be brought to a halt after the cyber-criminals’ demands were met. The perpetrators demanded $35,000 to put the system back into working order, an amount that would have to be paid in Bitcoin, an untraceable electronic crypto-currency.
The library officials refused to pay to have their machines unlocked. Instead, the IT staff wiped all of the impacted computer servers and restored them from a recent backup. On January 23rd, most of the library services were restored. While the FBI is still investigating the matter, it’s important that businesses and private individuals alike take the time to learn the following lessons from the St. Louis attack.
Ransomware is a problem, and it’s going to keep getting bigger this year.
Although the attack wasn’t as successful as the criminals hoped in St. Louis, ransomware is still an incredibly effective tool in the hands of cybercriminals.
Similar individuals have carried out many attacks in 2016, and it doesn’t look like that trend is going to slow down this year. Security software specialist Malwarebytes estimated that as many as two-fifths of businesses in the UK, US, Canada, and Germany were hit by ransomware attacks in 2016. This is probably one of the most significant trends in the cybersecurity arena and one that deserves every bit of attention it gets.
Why ransomware? It’s actually very useful for criminals for a few reasons. First and foremost, the attacks are very easy to coordinate. It doesn’t take long to get the relevant programs up and running, and it really doesn’t take all that much technological know-how to successfully execute the attack. This is helped by the fact that most companies really aren’t doing all they should to defend against these attacks. Because the concept is relatively new, there are many criminals who are able to skate by on the ignorance of their targets.
This ease of use is probably why the attacks will continue to be so popular. Because they shut down operations, they’re especially effective against high-value targets like major corporations, municipalities, and even the very wealthy. It’s estimated that around forty percent of the businesses in the first world have been hit by similar attacks and that these attacks cost the global economy around one billion dollars in 2016. The fact that the attacks are increasing and continue to be successful bodes very ill for the future.
Cybercriminals are becoming more creative in their attack methods.
While it’s easy to write off criminals as being lucky, the fact is that most hackers are getting creative with their tools. Most ransomware attacks occur after the victim downloads an innocent-looking e-mail attachment or visits a website that looks friendly. Once the file transfer has begun, the ransomware can shut down the user’s computer and spread throughout the rest of his or her network.
What’s particularly threatening about these attacks is that they are no longer coming just through the usual vectors of infection. The St. Louis attack didn’t go through a simple phishing process, but rather a more sophisticated break-in. According to St. Louis Public Library Executive Director Waller McGuire, the malware was installed via a network break-in, although the exact point of entry isn’t known.
This means that the hackers weren’t just counting on people being tech-unfriendly, but rather taking advantage of the insecurity of the platforms being used. This usage of new, more sophisticated attack techniques means that many of the protective measures that consumers use now may not be useful in the future.
The target list is getting bigger.
You wouldn’t necessarily count a library system among the targets of ransomware, but the target list for these attacks is getting bigger. Not only has the library system been hit this year, but last year churches, hospitals, and universities were also targeted. Everything from government agencies to local law enforcement has felt the sting of ransomware, moving the target away from the rich and famous to the backbones of our society.
Ransomware can, and will, target everyone. It doesn’t matter who you are or what you do because the software doesn’t think. The only goal of the software is to get you to pay money, so you could very well be targeted by software that was initially meant to hurt someone else. This is an incredibly sophisticated kind of amoral attack, one that absolutely doesn’t care how much harm it causes in the pursuit of making more money.
Back-ups help, but they are not enough to ensure protection.
St. Louis was able to get out of its jam not because of any special skills, but because its IT department followed the best possible system back-up practices. They didn’t just go halfway – they backed up more than just data, which allowed them to do full wipes of the system and bring them back online with relatively little down-time.
The problem with relying on backups is that you can’t be sure that it’s going to be enough to help you. Most businesses don’t back up everything they’ll need to do this kind of full restore, and there’s still the possibility of having your backups infected. This means that even the lifeline that was extended to the St. Louis libraries can fail you, and your best attempts at getting back to business might be for nothing. Even worse, you might put the data of your customers at risk, destroying the faith that others have in your business.
So, what can you realistically do to protect your system? You’ll need to make sure that you have multiple layers of defense on top of your regular backup programs. Try to make sure that you don’t expose the most important parts of your personal or business network to the internet and keep as much data away from connected systems as possible. It’s honestly not possible to be paranoid enough in a world that sees regular ransom attacks, so layer on as much security between data and the internet as possible.
The more criminals get paid, the more they’ll continue to use ransomeware.
One of the biggest reasons that ransomware is going to continue to be a problem is because it works. People are willing to pay to get their files back, and this makes criminals far more determined than they might otherwise be.
The easiest way to get back to business is to pay, and that means that most businesses would rather put money towards the problem than wasting their valuable time. While it is perhaps a reasonable position for a large business that would lose more from downtime than paying the ransom, it’s not a realistic solution for individuals and small businesses.
So, what can you do? If possible, you should absolutely not pay the criminals who have launched the attack. After all, there’s no guarantee that these people actually have access to your data – or if they’ll feel like giving it back to you. Remember, you are dealing with criminals here, and there’s no reason for you to assume that they will be honest. It’s also important that you remember that every time someone pays these criminals, their attitudes are reinforced. Instead, be like St. Louis and find ways to stop them from getting what they want.
The attack on St. Louis should be both a warning and wake-up call to anyone who uses a computer. Pay attention to ransomware and take the steps necessary to stop it from impacting your life and business. A bit of prevention now can save you thousands of dollars in the future, so make sure your systems are protected and backed up before this kind of nightmare scenario occurs.
Josh McAllister is a freelance technology journalist with years of experience in the IT sector. He is passionate about helping small business owners understand how technology can save them time and money. Find him on Twitter @josh8mcallister