The recent hack of the Colonial Pipeline by a Russian cybercriminal group called DarkSide is the second big warning shot in the past year, the first being the SolarWinds hack late last year. While the SolarWinds hack may have been obscure for most of us, all of us can relate to the gasoline supply being cut off.
Ransomware is malicious code that is usually downloaded through phishing emails or is embedded in a website. Once it has been downloaded onto your device, it begins encrypting all of the files on your computer and it can also encrypt files on a shared drive, a mapped drive and the files stored in the cloud if those folders are shared on your device. Once all of your files are encrypted, they are unusable and the ransomware provides a pop-up window informing you how and where to pay the ransom to get the key to restore your files.
This can be devastating for the individual and catastrophic for companies. But what can you do once you have been affected by ransomware?
The first thing to do is to contact the FBI. Ransomware is a big problem from both a criminal and cyber-warfare point of view and should not be taken lightly. It is a threat to our economy and our democracy.
Once you have done that, there are really just three options.
As the saying goes, an ounce of prevention is worth a pound of cure. I always have backups in three different places. I use three cloud services and a removable hard drive. The cloud service backs up in real time, so the data is always current. The removable hard drive served as an “air-gapped” device, meaning that it has no connection to my machines when it is not physically connected to one of them. I back up my files every other day with the removable hard drive. Cloud service providers back up all data they store for you regularly and if you are hit by ransomware, you should be able to recover most files quickly from that backup. It is like having a backup for your backup. This is the best way to avoid losing data under any scenario. If you restore the files, you should still inform the FBI of the attack.
Contact a cybersecurity company such as Cloudflare or Bitdefender. These companies are dedicated to the craft of cybersecurity. If the ransomware is known by these companies (meaning not a new variant) then they may be able to restore your files for a fee. This is much more practical for companies than individuals, however, their fee will be less than the cybercriminal’s fee. There are limitations to their ability to unencrypt all the files or even to unencrypt any files depending on the level of the ransomware.
Option 3 (not recommended):
Pay the ransom. If you do not have backups and the FBI and private companies cannot help you, this might be the only choice. But it is still a bad idea. Colonial Pipeline paid $5 million in ransom despite the pleas from the U.S. government to not do so. We do not pay ransom to terrorists who hold humans hostage, so why would we pay to liberate data? Further, you are dealing with international criminals. That means they are dishonest and there is no guarantee that they will give you the key to unencrypt the files even once you have paid. In addition, you are contributing to the expansion of cybercrime. Paying the ransom should always be the last option and done only if all other avenues have been exhausted.
In the meantime, back up all of your data regularly and in different places. Do not open a link or file in an email unless you are 100% certain you know who sent it. Do not click on random pop-ups on a website.
There is no quick solution to cybersecurity issues. It is a matter of diligence, patience, common sense and using cybersecurity best practices.
I would like to hear your questions and concerns for future articles. You can reach me at firstname.lastname@example.org.
Dr. John B. Nicholas is a Professor of Computer Information Systems and Co-Founder of the Cybersecurity Degree Track at The University of Akron. Dr. Nicholas has over 30 years of experience in the technology field in both the private sector and in higher education.
You just read this article for free. The good news is that we’re committed to never putting our content behind a paywall. We want our readers to be able to continue reading for free because we believe everyone should have access to quality journalism.
But here’s the catch: Our work is not free to produce. If you can afford to contribute by joining our co-op and becoming a member, we need your support for the news we offer to remain free and equitable. Plus, we think you’ll love being able to say, “I’m part-owner of a magazine.”
We want all Akronites, our neighboring suburbanites, and our beloved expats to have the opportunity to learn what’s happening here, and to read articles written by contributors whose love for Akron shines through their work. So here’s what we’re asking: Please join us for as little as $1/month in becoming a member. When you click the red button below, you help keep our content free for thousands of readers who might not otherwise be able to access our stories.