Date: 2021-05-26
Would it surprise you to find out that I could write a program that can send you an email and make it look like it’s coming from the editor of this newspaper? What about from your boss? Hackers do this all the time.
You have probably heard about the gas shortage in the southeast. Colonial Pipeline, the company that runs an oil pipeline that extends from Texas all the way up to Maryland, supplying 45% of the fuel consumed on the East Coast, suspended all operations when they learned that their network had been compromised by a ransomware attack.
A ransomware attack is one in which the attacker infects your computer (or as many as it can on a company network) and then encrypts files, making them unusable. The hacker has the key for the encrypted files and asks the victim for payment, usually in Bitcoin, or they won’t turn over the key and the victim is unable to access their files.
When ransomware first started showing up, it targeted anyone who would download it, but the payouts for that were a few hundred dollars (a person only has so much money) and most of the time people wouldn’t pay. Over time the target shifted from anyone to organizations. Attackers started targeting schools, cities and hospitals: organizations that typically have very little budget for IT security and cannot run without access to their files.
The attacks became targeted at people who work at these organizations. It’s easy to find a list of people who work at a school or city, and it’s easy to send them an email that appears to be from a colleague asking them to look at a file. Once the malware is installed it then infects as many computers as it can and encrypts important files.
It’s one thing for Bob down the street to lose access to his photos and tax documents (I hope you backed those up, Bob). It’s another thing for a hospital to lose access to patient records and the ability to schedule appointments or fill out a patient’s chart.
Once infected, the only way to remedy the problem is to pay the ransom or restore from backups. Neither option is a good one. Ransoms for organizations have historically been hundreds of thousands to millions of dollars. Restoring from backup avoids that cost but has other costs associated with it. It’ll take weeks to ensure that the virus is out of every computer on the network and restore all the files lost.
It appears that Colonial Pipeline is not going to pay the ransom to DarkSide, a Russian-based organization that has claimed responsibility for this hack. That means that it’ll take them a while to get the pipeline up and running.
The only good option when it comes to ransomware is to not get infected. If you’re worried about an email you received, talk to the sender and ask if they actually sent it. Always keep your computer up to date. Microsoft does a great job of updating the built-in anti-virus software in Windows. These updates are critical in patching newly found security holes.
You should also back up your files. You can use an external hard drive or a thumb drive to back up your photos and documents. You can also pay for cloud storage, typically a few dollars a month for enough storage to back up your photos and other documents. This way if your computer gets infected or otherwise stops working, you won’t have to worry about losing them.