Ransomware: The Twenty-First Century Schoolyard Bully
Like a schoolyard bully making threats in exchange for lunch money, the modern equivalent – in this case cyber criminals – might spare their victim’s data after receiving thousands of dollars ransom. Recently, an entire school district in New Jersey fell prey to a criminal ransomware attack, forcing delayed school openings. Below is a 101 on these types of attacks, as well as a preventative strategy so you’re not the next victim.
What type of attack did the criminals use to bring down this school district?
The weapon of choice used by the criminals in this instance was ransomware, a type of malware that encrypts (locks) all data on a computer or network, rendering it inaccessible until it is unencrypted (unlocked). The digital key to unlock the data is received after paying the attacker a sizable ransom.
How is ransomware delivered?
The primary way that criminals deliver ransomware is via an infected email attachment. The attacker tries to make the email appear legitimate in order to trick the recipient into opening the attachment and deploying the ransomware. Once the victim’s system is infected, the ransomware will attempt to spread to any other computer it is connected to on the network, including other laptops, desktops, servers and backup systems.
Does ransomware only threaten school systems?
Unfortunately, ransomware has spared no industry, with close to one billion infections detected in 2018 alone. The ease and effectiveness of deploying ransomware makes it a very lucrative endeavor for enterprising cyber criminals, thus making it a threat that is here to stay for the foreseeable future.
If I am hit with ransomware, what should I do?
The FBI recommends not paying the ransom, and instead formatting infected systems and restoring data from backups. Payment to the criminals should be a last resort, as not only does it perpetuate future attacks, but there are many cases where even after receiving payment, attackers do not provide the keys needed to decrypt the data.
How do I prevent ransomware?
The best way to avoid ransomware is through education. Cybersecurity awareness training creates a virtual human firewall, as educated users will be much more likely to detect and avoid unexpected email attachments that can unleash malware, including ransomware.