CLARKSBURG, Va. (WV News) – Ransomware attacks are increasingly targeted, sophisticated and expensive.

Clicking on malware through an advertisement, email attachment, link, or even a website can end up blocking administrative offices, businesses, and other users from accessing key data, which can cause serious problems.

According to Steve Lampo, a special supervisory agent at the FBI’s field office in Pittsburgh, there are ways to avoid problems with ransomware, as well as proper precautions you can take to prevent ransomware attacks.

“Ransomware is relatively new. It has been very popular for a few years. Some of the groups that run ransomware programs have been around for some time. Many of them were traditional banking malware clusters that five, six, or seven years ago broke into corporate bank accounts, initiating large wire transfers.

“But around 2017 or so, a lot of them found it more profitable to do ransomware instead. It’s been on the rise since then,” Lampo said.

The main purpose of ransomware, he said, is to smuggle the malware onto, say, a commercial network, find the most important resources for that business that they cannot do without, and then encrypt those resources.

“They’re basically going to hold that data for ransom, demanding payment usually in cryptocurrency like Bitcoin,” he said.

Another thing they could do, he said, is exfiltrate sensitive data, remove it from the network, and hold that for ransom as well. At this point, if the victim does not pay, the intruder can say that the data will not be recovered and that it will be made public.

“It’s kind of a double threat. Some of the things we will say to businesses specifically to protect themselves is one, make sure you have offline backups. Many companies rely on cloud backups, which in itself is not a bad thing. It’s great if there is a hardware failure, you can put a new part in or in the back, restore it and save it very quickly. However, if the system administrator can access these backups, so can an intruder. We’ve seen a lot of victims say they have cloud backups, but the bad guys have them too,” he said.

Having something that can be physically accessed offline is important just to be safe, he said.

“Another thing we say especially to businesses is that your IT staff pay close attention to updating and fixing things like the operating system and all the software on your network, such as your computer software, email and web software, because your ransomware players will often use typical software vulnerabilities to gain access to that person’s network,” he said.

A third aspect to emphasize, he said, is to ensure that employees are educated, as hackers can infiltrate a network through them without their knowing.

“Your employees, you have to educate them. At the FBI, we do a more than annual phishing test. We received a phishing email and we see who clicks on it. If someone clicks on it, they may need to educate themselves further. A lot of people are willing to click on certain links and attachments. People need to know if it’s from an unreliable source, don’t click on it. Call the person, see them in person, verify that they have sent you this information,” he said.

When an incident occurs, Lampo said it was important to respond immediately.

“Once you have a ransomware incident, one of the most important things to do initially is to disconnect the affected devices from the network and the Internet. It helps to stop the spread. Then they should [contact] their local FBI office. We are the primary cybersecurity response agency, and once the field office is contacted, we will request specific information in order to investigate and see who is behind the attack. Some of the things we will usually ask for is a copy of the ransom note.

“It might be a pop-up on the screen, an email that was sent to an executive, but it helps us because a lot of these groups follow the same format with their ransom demands. This information usually contains an email address that the victim can use to work with the attackers to communicate and negotiate the ransom. It helps us because sometimes we can track them as well as a cryptocurrency wallet. So maybe like a Bitcoin address, if we have it, it helps us investigate. Really our main goal with this is to hunt down the attackers and hold them accountable wherever they are,” he said.

Relevant entities should also contact the Internet Crime and Compliance Center at and file a complaint, he said.

“It’s part of the FBI, but the IC3 is very good at putting these types of reports together and helping to connect the dots to see if there is any commonality between the different ransomware attacks and to pass that information back to the office on the field, so we can do our job better,” he said.

Lampo said that about two years ago, a local industry that had been infiltrated with ransomware was aided by the FBI before a serious incident occurred.

“We had a local industry in the Pittsburgh area that we got to about two years ago because we had inside information and we said, ‘Hey, these bad guys are on your network and they were ready to roll out the ransomware.’ They were there but had not yet deployed it. This particular organization took our advice, brought in a third-party remediation company, and was able to really clean up their network before the ransomware was deployed.”

While there is a cost to mounting a response like this, Lampo said it was far better than having the ransomware deployed, because you still have to bring in someone to clean up the network even after it is deployed. This is true regardless of the decision to pay the ransom.

“It’s a success story that actually built a lot of trust between this company and us in the process,” he said.

The US government, working with the FBI, recently launched a ransomware task force to seriously tackle the growing problem, he said.

“Our goal in the task force is to lay bare all the resources in order to combat this particular threat, so it’s not just the FBI. We have our other US intelligence agencies, some of which are foreign partners. We’ve taken advantage of the US Treasury Department to impose sanctions on groups like this, so we want to bring some sort of judicial press against ransomware groups and keep the cost of their operations going up,” he said.

Steve Roberts, president of the West Virginia Chamber of Commerce, said there were internal discussions about the issue and that they “are planning a program to be held in early summer” to educate him and solve it.

Editor-in-chief Steven Baublitz can be reached at (304) 626-1404 or [email protected]
