ICFE eNEWS #16-42 - December 1st 2016
Ransomware and Terrorism
By Yan Ross, Director of Special Projects,
We live in a world of change, with new challenges arising nearly
every day. But our responses to the challenges don't have to be
built anew, from the ground up, every time we learn of another attack.
"There's nothing new under the sun," is an observation
as old as civilization itself. Two manifestations of that comment
are terrorism and ransomware.
A modern-day act of terrorism
is usually directed toward an entire system or nation
or society, using destructive acts to interfere with the critical
functions supporting the lives of the target's population. The specific
victims are irrelevant, as the goal is to disrupt the lives of those
Ransomware is similarly utilized to disrupt
the life of the individual or organization which depends on the
smooth functioning of its information technology to maintain its
operations. The specific victim, however, is essential here, as
the goal is to extract, or extort, money or other valuable consideration
from the affected party.
In the world of identity theft risk
management, we may ask what these two phenomena have in common,
in order to better understand and respond to the challenges they
To prevent or avoid the consequences of an attack
of terrorism or ransomware, the defenders must effectively repel
every single attempt to perpetrate the crime. The attackers need
only overcome the defenses once in any given situation to prevail.
The result is a set of dynamics that places the onus on the
legitimate operators of the systems, whether they be physical or
cyber-based, to prepare for and institute protocols and take defensive
actions which will subdue the attackers.
In this situation,
the polar opposites of greed and fear are at work: greed on the
part of the ransomware perpetrators, and a healthy fear on the part
of the good guys. Note the use of "healthy" in this context:
not an irrational fear, but one based on an appreciation of the
threat, leading to the adoption of appropriate defensive measures.
What are these "appropriate defensive measures," in
the context of identity theft risk management? There is no silver
bullet, but here are some of the most important actions and concepts
to consider in preparing the right defenses against ransomware attacks.
- Education to train users to avoid clicking on emails from
unknown or untrusted senders, especially those with attachments.
Links to websites can also be a route for installing
ransomware, as can software with embedded macros that
can be hacked to gain access to operating systems. This is the
first line of defense against those ransomware applications
that require action by the user to gain access to the target
files and data.
- Install and keep antivirus software updated for virus detection
and deletion on IT systems. While antivirus software is by
its nature reactive to new threats as they are identified, it
does provide a supplementary line of defense in conjunction with
other preventive measures.
- Implement firewalls to block ransomware entry points, as
most need direct contact with the command-and-control functions
of the target server to encrypt files. Isolating the target
files and data sought by ransomware operates as yet another
way of guarding against this threat.
- Install and keep current a robust back-up and recovery system,
including regular and frequent back-ups, remote or at least
separate on-site storage, and systematic duplication and recovery
capability. This has always been good practice, even before
the onslaught of ransomware, as other systemic failures can
have the same deleterious effect of compromising the availability
of data and files.
- Invest in keeping personal capabilities and IT training
and implementation current, whether it's for personal or business
purposes, since it's generally the lack of knowledge and failure
to keep up to date that results in vulnerability to ransomware

Ransomers are like other crooks and terrorists: they will tend
to attack weaker and more vulnerable targets. When they see a robust
defense system in place, they are likely to move on to less prepared
targets. The ransomware practice of sending out large numbers of
phishing e-mails, hoping for an untrained user to "click"
on the link that lets in the ransom program, is a numbers game.
This is the time to prepare against a ransomware attack,
and avoid the situation of having to find out whether the ransomers
can actually decrypt the files they have disabled – or whether it's
just a con game of taking the ransom payment and leaving the victim
with an empty bag.
Ross is ICFE's Director of Special Projects, and the author of the
Certified Identity Theft Risk Management Specialist ® XV CITRMS®
course. As an accredited educator for over 20 years, he has addressed
Identity Theft Risk Assessment and management for consumers, organizations
holding personally identifiable information, and professionals who
work with individuals and organizations who are at risk of falling
victim to identity thieves.