Here’s what you can do about ransomware

Last week, people in my neck of the woods, North Carolina, went into a panic. You couldn’t get gasoline for love or money. The root cause? Colonial Pipeline, a major oil and gas pipeline company, had been hit by a major ransomware attack. With four main fuel pipelines shut down, people throughout the southeast U.S. lined up at gas stations for every drop of gas they could get.

You may not believe that ransomware is a serious threat. But I and most everyone else in the southeast? We believe.

Here’s how the attack worked. First, the software used, DarkSide, is malware that’s offered as a service to crooks via an affiliate program. Yes, ransomware these days is a franchise operation.

Like other ransomware programs, DarkSide encrypts all your files. It uses Salsa20 or RSA-1024 encryption. This locks up your data, and there’s not much you — or anyone else — can do to bring it back on your own. Both ciphers can be cracked, but it is not easy. That means if you don’t have an up-to-date backup, you’re pretty much out of business. Your other choice is to pay for a decryption key.

That’s what Colonial Pipeline did; it wound up paying almost $5 million. Guess what? The decryption key works so slowly that sources say Colonial Pipeline ended up using its own backups to restore business systems anyway.

Ransomware attackers can also threaten to release your sensitive data to the public — and won’t your customers just love that! They’ll also threaten to publicize that they’ve got your business data. Since you almost certainly don’t want to reveal that you’ve been cracked, that’s an effective threat. If they can’t get you to pay for the data itself, the goal is to blackmail you.

Copyright © 2021 IDG Communications, Inc.
