by Elizabeth Jenike

If you’ve been paying attention to the news, you may know that Atlanta, Georgia, recently fell victim to a large-scale cybercrime operation. According to The New York Times, on Thursday, March 22, the city experienced “one of the most sustained and consequential cyberattacks” on record in the form of a ransomware attack.

Ransomware is one of the more insidious forms of malware that can impact businesses and individuals alike. Essentially it works by coercing an unsuspecting user to click on a suspicious link in an email or download a malicious file from an unsafe website. At that point, the program encrypts files and requests a ransom in order for the files to become available again.

The attack against the city of Atlanta involved an extortion scheme to the tune of $51,000. It took parts of the city completely offline—the Atlanta Municipal Court was unable to validate warrants, police officers couldn’t submit reports, and the city stopped taking employment applications. One councilman’s office lost 16 years’ worth of records. Some functions were not impacted, such as the system governing 911 calls.

The attack has taken its toll on the city financially, as well. As of April 12, according to SC Media contributor Doug Olenick, Atlanta had spent over $2.7 million trying to mitigate the impact of this attack and prevent further harm.

This huge, unexpected attack—which Atlanta is still recovering from even a month later—casts a large shadow. And it begs the question: What happens if Miami is impacted by such a big attack? Is your data safe?

Money-making malware

Ransomware is one of the most lucrative ways to make money on the internet for savvy hackers and malicious actors. A report from Symantec at the beginning of 2017 found that the average ransom demand in 2016 was $679, more than double the previous year’s numbers. This put total payments for 2016 in the range of $1 billion, according to the FBI.

Phishing emails are a common delivery mechanism for code containing ransomware. Chicago Tonight reported that IBM’s recent ransomware research showed that 40 percent of spam emails sent in 2016 had some sort of ransomware attached.

Many of these messages get picked up by spam filters, but there are always a few that make their way to inboxes, so it’s critical to know how to identify phishing.

What are we doing about it?

Here at Miami, we have invested in a robust security infrastructure that strives to protect the information required for the university to function. The good news is that, if the response to the recent mandatory security awareness training is any indication, folks at Miami know what phishing looks like and are prepared to report it when it crops up. (Once again, we promise that the SANS messages are not phishing!)

We all have to do our part to keep our data secure. When everyone is well informed and staying vigilant, it can help prevent the kinds of attacks that plagued Atlanta at the end of March.

Here are some tips for staying safe against ransomware:

Accurately identify phishing

Phishing messages don’t always come in the form of the infamous ‘Nigerian prince’ scam. Sometimes, phishing messages will be engineered to look like they’re coming from legitimate sources—for instance, people within your own organization. This is called ‘email spoofing.’ The good news is: IT Services recently took action to prevent spoofing or at least better detect it when it occurs. The result is that users should receive fewer spoofed messages.

Check out our security site for more information about how to identify phishing messages.

If you receive something you think is a phishing message, please forward it to the security, compliance, and risk management team at InfoSec@MiamiOH.edu.

Back up your data

Ransomware encrypts computer files and demands payment in order to release them back to their rightful users. In some cases, if the payment is not made, the files will be deleted forever. In this case, it would be a good idea to have a backup handy.

Take the SANS security awareness training

The training will reinforce many of the points here and provides exercises to sharpen wits against phishing and social engineering. Faculty and staff will receive reminder emails periodically. In addition, if you haven't yet received an email about the mandatory training: Don't worry! It's coming! We are rolling it out in batches, so be on the lookout for it in your inbox sometime in the future.

Stay safe out there!