dle security well,” he added.
Originally a problem in Russia, inci-
dents of ransomware extortion began springing up in Europe and the United States about five years ago. Although dozens of ransomware variants are known to exist in the wild, many are based on the same destructive malware — including CryptoLocker, Locky, Sa- mas and CryptorBit — that has been tweaked over time.
Last year, U.S. businesses and agen- cies reportedly paid more than $24 mil- lion in ransom in almost 2,500 cases, according to statistics from the Internet Crime Complaint Center. DHS’ National Cybersecurity and Communications In- tegration Center received 321 ransom- ware-related activity reports affecting 29 federal agencies from June 2015 to April 2016.
And those are just the incidents that have been reported. Experts believe that if the ransom is low enough and
the assets are highly valued (and not recently backed up) by the agency, many organizations might just pay the hackers — which makes that kind of crime all the more appealing for hack- ers looking for profitable, low-risk scores.
“These are sophisticated attacks, but they’re going for quantity over quality,” Weatherford said. “They can make a lot of money, and the risk to them is very low.”
Additionally, because the hackers typically do not steal the data, just en- crypt it, the crime of theft has not been committed, he added.
“It really depends on your com- pliance requirement whether you are mandated to report [such inci- dents],” Weatherford said. “So in many cases, it’s easier to pay the ran- som than to make a big stink. This is not a security decision — it’s a busi- ness decision.”
DIGITAL SERVICES CONUNDRUM
Unfortunately, ransomware is becom- ing more pervasive for agencies as they move operations and citizen services online.
“All of our work is being done online and is expected to be ever more online,” said Kristine Trierweiler, assistant town administrator for Medfield, Mass. “Our end users are not as versed in security as they could be. The phishing schemes have become very sophisticated, fool- ing even those who are proficient in online trends.”
When Medfield employees arrived at work one Monday morning earlier this year, “several of the computers in the building had a pop-up message on the screen saying that we had been hacked, that this entity had control of all of our data and that we needed to contact them to discuss the ransom,” Trierwei- ler said.
After confirming the legitimacy of the
BUILDING A SECURE MISSION-READY ENTERPRISE
SESSION 1
CYBER THREAT LANDSCAPE: LESSONS LEARNED IN 2015 www.gcn.com/akamaicyberthreat
SESSION 2
CLOUD SECURITY: BUILDING ON THE
FEDRAMP FOUNDATION www.gcn.com/akamaicloudsecurity
SESSION 3
DIGITAL SERVICES: IMPROVING THE
MOBILE USER EXPERIENCE www.gcn.com/akamaidigitalservices
SPONSORED BY
GCN WEBCAST SERIES
GCN AUGUST/SEPTEMBER 2016 • GCN.COM 31
ON-DEMAND NOW!