Co-Authored by Yoohwan Kim, Ph.D.
CISSP, CISA, CEH, CPT Associate Professor Computer Science Department University of Nevada Las Vegas
This is the third in a series of articles on ransomware.
Ransomware attacks have been on the rise in recent years. In 2016, these attacks increased 6,000% over 2015.
“Ransomware targeting Android users has increased by over 50 percent in just a year, as cybercriminals increasingly take aim at what they view as an easy ecosystem to penetrate,” ZDNet reports. Author Danny Palmer says the increase “comes as users increasingly turn to mobiles as their primary devices, storing more and more valuable data on them.”
Increased use of cloud storage also contributes to the explosive growth of ransomware attacks. As InfoSec Institute notes, “Cloud storage ransomware usually self-propagates after being installed on cloud servers. Virlock is a typical example of cloud storage ransomware. It impersonates FBI authorities and requests victims to pay the fine of $250 due to alleged misconduct on behalf of the victims.”
Many ransomware programs impersonate the FBI in an attempt to make their demands for payment look legitimate. However, no police department or federal investigative organization will ever request payment, especially via the Internet.
Ransomware and the Internet of Things = Jackware?
Between 2015 and 2016, there were at least 15 major industrial incidents involving ransomware attacks, according to a Booz Allen Hamilton Industrial Cyber Security Threat Briefing. These incidents included the following:
- In April 2016, cybercriminals delivered ransomware via phishing to the corporate network of Board of Water & Light (BWL), a Michigan-based public electric and water utility. Administrators shut down the corporate network to isolate the ransomware and prevent it from potentially moving into the operations-technology environment.
- In June 2015, a cybercriminal advertised the sale of SCADA access credentials on a Dark Web forum dedicated to selling stolen data. The post included a screenshot of a SCADA graphical user interface, IP addresses and virtual network computing passwords for a SCADA system managing a hydroelectric generator.
Also in 2015, hackers demonstrated that they could control a Jeep Cherokee from 10 miles away. They were able to cut the Cherokee’s engine and apply the brakes, sending the Jeep into a spin.
Future Ransomware Targets Could Include Household Devices
There are also many potential targets that could be exploited in the future. Think of the electronic devices in a smart home, part of the Internet of Things (IoT). Lights, alarms, music systems and even electric coffeemakers offer hackers potential targets.
Because all manner of IoT devices are linked to the Web, your lights could be turned on at 1:30 in the morning, followed by music from your iTunes collection. If you were asked for a small payment of, say, $30 by 2:30 a.m. that same day, would you pay? What if the payment demands were to increase each hour?
What if your home security system was turned off remotely and you were susceptible to an increased risk of theft or home invasion? How much would you be willing to pay to restore your peace of mind and security?
The future could include the destruction of data from wearable devices (such as Fitbits) or the sale of tracking data. Hostile attackers could turn on your electric coffeemaker while you are away and perhaps cause a house fire if you do not meet their demands for payment.
Protect Yourself from Ransomware by Increasing Your Electronic Security
One way to increase your personal security is to protect the electronic devices that run your life. Your computer serves as your IoT central control and your smartphone is often synchronized with your computer files, so both devices need protection from ransomware.
First, update your antivirus software on your computer, tablets and mobile devices. All devices have patches for your operating system. And be sure to check for updates on any mobile devices.
Second, make your passwords long and difficult to decipher. The days of the eight-character password are gone. The 12- or 14-character password is now the way to help protect your devices and data. Use a hard-to-guess password with numbers, uppercase and lowercase letters, and special characters.
Third, back up your files often. Keep those backups separate from your system, so they will not be compromised if your devices are attacked.
Fourth, always be aware of what you download. Downloading programs from unknown sites is risky. Always use only the sites you know or trust.
Similarly, opening attachments in emails or clicking on URLs in email increases your system’s vulnerability to attack. These practices can permit the downloading of ransomware.
Carefully examine unexpected emails from known or unknown senders. If you know the sender, check with him or her about the email and its attachment before you open it. Also, hover your cursor above a URL in an email to see if it actually goes to a legitimate source and double-check the sender’s email address for accuracy.
Future Protection Against Ransomware
The hope is that future new technology will have better security built into it. Currently, that hope is not realized. The potential for hostile actors to disrupt our life is increasing. It is our job to look for ways to make disruption a bit harder and hope attackers move to an easier target.
About the Authors
James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.
Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 “Secrets to Getting a Federal Government Job”.
Dr. Yoohwan Kim is an Associate Professor in the Department of Computer Science at the University of Nevada Las Vegas (UNLV). He received his Ph.D. degree from Case Western Reserve University in 2003 in the area of network security (DDoS attack mitigation). His research expertise includes secure network protocols, unmanned aircraft systems (UAS) communications and cyber-physical system (CPS) security. He has published over 90 papers in peer-reviewed journals and conferences, and has six patents granted or pending. His research has been sponsored by Microsoft Research, the U.S. Air Force, Naval Air Warfare Center, Oak Ridge National Laboratory, National Security Technologies and the National Science Foundation. Before joining UNLV, he had broad experience in the IT industry as a management information system consultant at Andersen Consulting (now Accenture), a database programmer at Cleveland Clinic Foundation, a software engineer at Lucent Technologies, and his own start-up company.