It was only a week ago we found out that, when confronted with cybercrime, around 30 percent of victims would negotiate with attackers, offering payments in exchange for unlocked or returned files. The Lincoln County Sheriff's Office in Maine—along with four other towns in the area—paid $300 to a set of hackers who struck a shared system with a breed of ransomware.
The virus in question, referred to as a “megacode,” was somehow downloaded into the shared system, and the computers—according to Lincoln County Sheriff Todd Bracket—were rendered unusable until the fees were paid. Moreover, Bracket noted, the hackers intended to completely wipe out the system's contents if the fee, to be paid in Bitcoin, wasn't received. The FBI came in to track the payment, which went to a Swiss bank account, and thus left no further trail.
Ransomware has shown its face around area systems before, according to reports: the Houlton Police Department reported a similar hit earlier in the week, and its computer systems were likewise locked up until the ransom was paid. Just last summer, the FBI and a coalition of private security firms and foreign governments got together to take out one operation in Russia that had included a ransomware scheme, among several other things. Officials had reportedly identified the individual behind the scheme, but hadn't apprehended him.
Thanks to the ThreatTrack study, we know that schemes like this generally have a good chance of paying off for those involved, as long as said operators put protections around payment structures, as seems to have been done in this case. With almost a third of cybercrime victims intending to negotiate, as the Lincoln County Sheriff's Office did, it becomes easier for criminals to put these schemes into use. But what is anyone to do in response to these issues? One option is to establish offline backups for critical systems; imagine the look on a hacker's face when he or she is told that it would be cheaper to buy a new computer than to pay off a ransomware demand. Granted, even air gap defenses aren't foolproof, but it takes a whole lot more to access an air-gapped computer than one that's online.
Of course, there are also other protection methods; WeLiveSecurity notes that, under the right conditions, System Restore can help get systems back to a “known-clean” state from before the malware actually hit. Showing hidden file extensions and blocking .EXE files in email applications can also be of some benefit. Plus, the standard advice about applying software patches and running antivirus tools also applies.
Ransomware can be tough to spot, but some fairly basic protection measures can go a long way toward ensuring files are on hand without having to pay a random cybercriminal. With some fairly simple protections in mind, even if some of this malware finds a system, its impact can be mitigated and kept to a minimum.