UNENCRYPTED: STAYING SAFE FROM CYBERCRIME

The recent hack of the Colonial Pipeline by a Russian cybercriminal group called DarkSide is the second big warning shot in the past year, the first being the SolarWinds hack late last year. While the SolarWinds hack may have been obscure for most of us, everyone can relate to the gasoline supply being cut off.

Ransomware is malicious code usually downloaded through phishing emails or embedded in a website. Once it has been downloaded onto your device, it begins encrypting all of the files on your computer. It can also encrypt files on a shared drive, a mapped drive, and the files stored in the cloud if those folders are shared on your device. Once all of your files are encrypted, they are unusable and the ransomware provides a pop-up window informing you how and where to pay the ransom to get the key to restore your files.

This can be devastating for the individual and catastrophic for companies. But what can you do once you have been affected by ransomware? First: Contact the FBI. Ransomware is a big problem from both a criminal and cyber-warfare point of view and should not be taken lightly. It is a threat to our economy and our democracy.

Once you have done that, there are really just three options.

As the saying goes, an ounce of prevention is worth a pound of cure. I always have backups on three cloud services and a removable hard drive.

The cloud service backs up in real time. The removable hard drive served as an “air-gapped” device, meaning that it has no connection to my machines when it is not physically connected to one of them. I back up my files every other day with the removable hard drive.

Cloud service providers backup all data they store for you regularly and if you are hit by ransomware, you should be able to recover most files quickly from that backup. It is like having a backup for your backup. If you restore the files, you should still inform the FBI of the attack. Contact a cybersecurity company. These companies are dedicated to the craft of cybersecurity. If the ransomware is known by these companies (meaning not a new variant) then they may be able to restore your files for a fee.

This is much more practical for companies than individuals, however, their fee will be less than the cybercriminal’s fee. There are limitations to their ability to unencrypt all the files or even to unencrypt any files depending on the level of the ransomware.

If you do not have backups and the FBI and private companies cannot help you, this might be the only choice. But it is still a bad idea.

Colonial Pipeline paid $5 million in ransom despite the pleas from the U.S. government to not do so. We do not pay ransom to terrorists who hold humans hostage, so why would we pay to liberate data? Further, you are dealing with international criminals and there is no guarantee that they will give you the key to unencrypt the files even once you have paid.

You are contributing to the expansion of cybercrime. Paying the ransom should always be the last option.

In the meantime, backup all of your data regularly and in different places. Do not open a link or file in an email unless you are 100% certain you know who sent it. Do not click on random pop-ups on a website.

There is no quick solution to cybersecurity issues. It is a matter of diligence, patience, common sense and using cybersecurity best practices.

I would like to hear your questions and concerns for future articles at jbnicholasphd@gmail.com.

Dr. John B. Nicholas is a Professor of Computer Information Systems and Co-Founder of the Cybersecurity Degree Track at The University of Akron. Dr. Nicholas has over 30 years of experience in the technology field in both the private sector and in higher education.

We can customize an award or gift especially for you. We engrave items that you already have as well including: guns, knives, bowls, Yeti Mugs, Don Drumm Artwork, etc...