Ransomware is malicious software that encrypts a computer system’s data and demands payment to restore access. This software is used in cyberattacks to paralyse organisations. The National Institute of Standards and Technology (NIST) has published an infographic offering a series of simple tips and tactics. This infographic can help organisations protect against ransomware attacks and recover from them if they happen. NIST is a nonregulatory agency of the U.S. Department of Commerce.
NIST’s advice includes:
- Use antivirus software at all times — and make sure it’s set up to automatically scan your emails and removable media (e.g., flash drives) for ransomware and other malware.
- Keep all computers fully patched with security updates.
- Use security products or services that block access to known ransomware sites on the internet.
- Configure operating systems or use third-party software to allow only authorised applications to run on computers, thus preventing ransomware from working.
- Restrict or prohibit the use of personally owned devices on your organisation’s networks and for telework or remote access unless you’re taking extra steps to assure security.
NIST also advises users to follow these tips for their work computers:
- Use standard user accounts instead of accounts with administrative privileges whenever possible.
- Avoid using personal applications and websites, such as email, chat and social media, on work computers.
- Avoid opening files, clicking on links, etc. from unknown sources without first checking them for suspicious content. For example, you can run an antivirus scan on a file, and inspect links carefully.
Unfortunately, even with protective measures in place, a ransomware attack may eventually still succeed. Organisations can prepare for this by taking steps to ensure that their information will not be corrupted or lost, and that normal operations can resume quickly. NIST recommends that organisations follow these steps to accelerate their recovery:
- Develop and implement an incident recovery plan with defined roles and strategies for decision making.
- Carefully plan, implement and test a data backup and restoration strategy. It’s important not only to have secure backups of all your important data but also to make sure that backups are kept isolated so ransomware can’t readily spread to them.
- Maintain an up-to-date list of internal and external contacts for ransomware attacks, including law enforcement.
These tips and tactics for dealing with ransomware attacks are highly relevant, as there have been many cyberattacks recently, including a ransomware attack against the U.S. Gasoline Pipeline. As reported by OpenGov Asia, U.S. Gasoline Pipeline learned it was the victim of a cybersecurity attack on May 7 and has since determined that the incident involved ransomware, code that holds computer systems hostage.
In response, the pipeline company proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of their IT systems, which they are actively in the process of restoring.
Multiple sources have confirmed that the ransomware attack was caused by a cyber-criminal gang, who infiltrated Colonial’s network on Thursday and took almost 100GB of data hostage. After seizing the data, the hackers locked the data on some computers and servers, demanding a ransom.
The pipeline company remained in contact with law enforcement and other federal agencies, including the Department of Energy, which is leading the Federal Government response. The company’s highest priority is to maintain the operational security of its pipeline. Its personnel have taken additional precautionary measures to help further monitor and protect the safety and security of its pipeline.
The pipeline company’s operations team is developing a system restart plan. While their mainlines remain offline, some smaller lateral lines between terminals and delivery points are now operational. They are in the process of restoring service to other laterals and will bring their full system back online only when they believe it is safe to do so and in full compliance with the approval of all federal regulations.
This incident highlights the increasing risk ransomware is posing to critical national industrial infrastructure, not just businesses. It also marks the rise of an insidious criminal IT ecosystem worth tens of millions of pounds. It is unlike anything the cyber-security industry has ever seen before.