The Office of the Information and Privacy Commissioner of Alberta has developed guidelines to assist public bodies, health custodians and private organizations with preventing and responding to ransomware cyberattacks. The Advisory, published in March 2016 as a PDF, can be downloaded here.
According to most information technology experts, antivirus vendors and security professionals, ransomware is a type of malicious software designed to block access to a computer system and its files until a sum of money is paid to an unknown party within a certain deadline. The sum to be paid varies from as little as $25 to thousands of dollars, and may be demanded in online currency such as Bitcoin. In short, ransomware stops you from using your PC and holds it and your files for ransom.
Most ransomware is delivered via email with an attachment. Ransomware is also delivered via drive-by-download attacks on compromised websites.
Ransomware goes by various names (e.g., CryptoLocker, Cryptowall, FakeBsod). It provides a revenue stream to hackers because victims would rather pay the fee than look for an alternative option or disclose that they were a victim of ransomware.
According to Microsoft, “Cryptowall and FakeBsod are currently the two most prevalent ransomware families. These two families were detected on more than 850,000 PCs running Microsoft security software between June and November 2015.” […] “FakeBsod was responsible for 17 percent of the top ten ransomware infections detected by Microsoft security products during November 2015.”
Although the problem is well known, the bigger problem is avoiding infection and knowing what to do once you are infected.
The Alberta Ransomware Advisory does a good job of providing guidelines for preventing and responding to a ransomware cyberattack. I hope you have taken the preventive measures listed in the advisory, such as keeping a backup of your files on an external device and protecting your computer with reliable and up-to-date anti-malware software, among others.
According to security experts, by backing up your operating system, files and documents on an external hard drive every single day, you completely mitigate the risk of ransomware by circumventing the tool it uses to get you to pay in the first place.
That said, if you find yourself facing such an attack, it is never recommended that you pay the ransom. There is no guarantee that paying will give you access to your files or that the attacker will not leave other forms of malware running on the system. By not paying, you are in a sense telling the attackers to keep what they took, and you start over with the data you backed up, either on a new computer or on your existing computer after it has been cleaned up, if that is possible at all. You should consult a security expert on the best way to do this. In addition, you need to immediately mitigate the risk of harm to any personal information of customers or third parties that you may be storing on that computer by informing them of the criminal breach.
If you are a victim of ransomware in Canada, there are a couple of things you should do:
- You should consider the sensitivity of your data, your profile and the type of organization.
- You should consider your obligations under the law (privacy legislation among others) and the requirements of your professional body (i.e., code of ethics, rules and by-laws).
- You should contact the Canadian Anti-Fraud Centre to report the Internet fraud.
- If you store personal information of customers, clients, employees or third parties on the computer, and there is a real risk of significant harm because of the intrusion caused by the ransomware, you may have to contact a federal or provincial Office of the Privacy Commissioner to disclose the breach of personal information and communicate with affected individuals.
- If appropriate, you should also call the police to report the crime, as ransomware is a crime.
The message here is that no organization is immune to hacking or ransomware, and the average cost of a company data breach has risen to $3.5 million, according to a recent study by the Ponemon Institute. That means protection and prevention are absolutely critical.