Ransomware. What is it and how does it affect me?


From time to time I get asked where I work and what I do – my reply is “I work at a School District.. and I’m a Network Systems Analyst!” I’m sure you won’t be surprised that most people have no idea what that means. “A Network what..?”

Not even­ a decade earlier, Ransomware wasn’t even on the global radar as an emerging threat. It wasn’t until the early 2010’s that the world started seeing the first iterations of frustrating and effecting malware that encrypts all your files on your computer. Fast forward to 2020, Cyber warfare is now a global security threat to organizations worldwide. Did you know there were 4.1 Billion records breached in the first six months of 2019? Entire businesses, Hospitals and entire municipalities have been rendered offline due to ransomware. Let that one sink in. Can you imagine your hometown coming to a halt due to a Security Breach?

If you’ve ever wondered just how much of a problem Cyber Crime has become, check out the link below for a visual on how many breaches there have been worldwide.


https://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ 

The big question in the room.. is why? Who is designing the ransomware and why?

These individuals are criminals, plain and simple. We often refer to them as malicious players or actors – by anonymously holding critical servers, data, records & payroll information ransom and demanding money in return, you can see the motive behind these attacks.

It’s projected by 2021 that Cyber Crime will be a $6 Trillion business.


https://cybermap.kaspersky.com/

When people ask what exactly a Network Systems Analyst does, I more often than not reply with “I help stop the bad guys from stealing your stuff.” This isn’t far from the truth. Cyber Security professionals are in high demand – this shift in IT has gone from knowing how to fix a computer – to being a Security wiz. The markets will shift to the need & demand.

How does this all fit into our everyday role in protecting ourselves from such an ominous sounding threat? While Cyber Security – at the baseline – fall into the lap of an IT professional, all members of an organization can and must practice good security hygiene. Cyber threats don’t stop at the door. Like a germ, it will spread if we’re all not doing our part. It’s everyone’s job to ensure the safety of our students data.

1. Strong Passwords.
While this seems like a back to basics approach, good Security starts with a strong password. There are great tools out there that can suggest/auto-create passwords for you if you’re unsure where to start. Storing your password in a secure Password Keeper also goes hand-in-hand. Trust me, nobody expects anyone to remember a 12-16 digit password!

How Strong is your Password?
https://www.getcybersafe.gc.ca/cnt/blg/pst-20200115-1-en.aspx

Password Generator
https://passwordsgenerator.net/

2. Lock your session when you’re away from your Computer
We all multitask and walk away from our computers many times a day – whether this be phone calls, meetings, coffee breaks or printing. A breach can be as simple as a visitor taking a photo of an employees screen while they’re away from their computer. With so much sensitive information on our displays over the course of the day, it’s important to remember what’s at risk if somebody gained access to the data on your computer.

3. Be Email Phishing aware
Email scams are at an all-time high. The bad guys are getting smarter – the level of sophistication being used to trick employees into leaking private information outside an organization is on the rise. Being aware of some of the tactics these malicious actors use will help all of us create a defensible security mindset.

How to identify a Phising Email
http://www.rcmp-grc.gc.ca/scams-fraudes/phishing-eng.htm

4. If you don’t know what it is, don’t open it
The number one way Ransomware spreads is through attachements. Ransomware is nothing more than malicious software that executes through a common attachment like a Word or PDF Document. Ensure to always check the sender name when someone is sending you an attachement. Scammers will often emulate a co-workers name in order to trick you into opening something malicious.

5. If you’re unsure, report it!
I always remind people to just go by their gut. If you’re unsure whether something feels right (attachement, email, link, process) simply report it to your IT Dept.

Published by Jacob Hall, Jan 23, 2020