
Case Study 5: Practice Safe Web Browsing to Avoid Ransomware

Posted on Monday, October 19, 2015 in News.

This is the fifth of a series of case studies to be released during October for National Cybersecurity Awareness Month. Vanderbilt IT will publish new case studies Mondays and Thursdays throughout the month.

One of the latest threats in the cyber world is ransomware. Ransomware is a type of malware that uses various forms of encryption to prevent a user from accessing his or her system. To decrypt these systems, users must submit a key. However, hackers and other malicious users request a form of payment, or ransom, from the user in exchange for the key.

Typically, ransomware is sent through several spoofed channels, and payments are usually requested in “Bit tokens,” making the assailant practically untraceable. By design, these threats leverage an encryption capability that is intended to be uncrackable. Because of this, at times, paying the ransom seems to be the only way to resolve the threat.

A local sheriff’s department in Dickson, Tenn., recently fell victim to a more popular ransomware type known as “CryptoWall.” While listening to WDKN’s online radio stream, an employee clicked on a scrolling advertisement on the streaming radio player. This immediately launched the CryptoWall attack, rendering the system and any networked systems/shares unusable. In addition to encrypting entire systems and networked shares, a window automatically displays with instructions on how to complete the ransom transaction.

During this incident, the local sheriff’s department lost access to most management systems and department database shares that contained sensitive case files for ongoing investigations. The department’s IT support was able to restore some functionality with system backups; however, 72,000 files remained affected. Because the information was so critical, the department paid the ransom of $572 to the hackers.

The CryptoWall threat has been identified as far back as November 2013 and has become a threat that continues to grow in popularity. A system can be exposed to ransomware through email, web browsing, advertisements and other forms of malware. Ransoms have ranged from $200 to reported cases of $10,000 or more.

The good news is that ransomware can be avoided. Practicing safe browsing habits (listed below) and ensuring that all antivirus and anti-spyware/malware software is up to date on machines can prevent CryptoWall or a similar threat from infecting machines.

Safe Browsing Habits

  • Never click on pop-ups.
  • Ensure OS and browser(s) are up to date and/or patched.
  • Maintain active, up-to-date firewall software.
  • Never respond to spam emails.
  • Only open known or expected email attachments.
  • Do not click on links included in emails. Always copy and paste links to a browser.
  • Avoid using a personal email account to register for random or short-term services.
  • Avoid using peer-to-peer (P2P) network programs.
  • Use a reliable site advisor, such as McAfee SiteAdvisor, to help you avoid potentially malicious sites.