Ransomware - an insidious enemy


By now, most of you have heard of Ransomware, a type of malicious software (malware) designed to deny access to a computer system or its data, typically by encrypting files. Computers are generally infected through phishing emails or by unknowingly visiting a compromised website, and once inside, the malware can spread to other systems on the network. In short, it hijacks your computer system and cripples its ability to function until a ransom is paid.

Ransomware has a long and sordid history, starting 30 years ago when a trojan called PC Cyborg (also known as the AIDS Trojan) was distributed on floppy disks to AIDS researchers. One of the first widely reported victims of modern Ransomware (CryptoLocker, in 2013) was a police department in Massachusetts. More recently, there was a Ransomware attack on the Colorado Department of Transportation (SamSam) in 2018. It cost more than $1.5 million to mitigate the damages.

ITD is constantly being targeted by Ransomware attacks. Thousands of attacks are stopped each year by email filtering. Of the malicious emails that get past the filters, around 100 a year, firewall monitoring and website filtering stop most from doing any harm. Around five times per year, network traffic monitoring and endpoint security have stopped Ransomware that made it all the way to a user's desktop.

If Ransomware bypassed ITD's defenses, it would endanger ITD's core mission by threatening business systems and core infrastructure. This would be considered a catastrophic event. ITD would have to restore what data could be recovered from backups and accept the loss of data that could not be salvaged.

“Not all of ITD's infrastructure is backed up,” said ITD Chief Information Security Officer Brian Reed. “Not all business systems are backed up, either. Most cloud data also isn't backed up, so restoring all known good data would be challenging.”

Current estimates are that it would take at least 10 business days to restore infrastructure and basic communications after a catastrophic event, and another 10 business days to restore the mission-critical systems that are backed up. Another 30 days would be needed to restore high-priority systems that were backed up and to rebuild mission-critical systems that were not. It could take up to a year before normal functionality is restored.

In this case, an ounce of prevention is worth WAY more than a pound of cure!

ITD leadership is evaluating the financial investments the department has made in certain infrastructure platforms and continually weighs them against the possible ramifications of an attack. Business managers have developed a list of high-, moderate- and low-impact systems, a check-down list that sets the order of restoration in the case of a successful attack. A critical part of the equation is determining whether funds are available to increase resiliency.

Time would be of the essence if a disaster struck, so our IT/ETS teams hold disaster-recovery drills and data-restoration exercises to reduce the time spent in crisis situations and to avoid common mistakes.

Clicking on a link or attachment in a suspicious email is only one avenue for Ransomware. Compromised web sites and mobile devices, accessing personal email from work systems, and plugging in corrupted thumb drives can all be an open door for malware. That's one big reason we all must complete mandatory cybersecurity training each year.

Brian Reed, Josh Stemp or anybody on the Information Security team would be happy to answer your questions about how to avoid Ransomware or any other information security topic.

Published 09-20-19