This Week’s Cybersecurity News, 01/06/2023


Happy New Year, everyone!

With the start of a new year, I wanted to devote this week’s e-newsletter to reviewing important information about an incredibly serious and costly type of cyberattack…ransomware. While you will see that I do not recommend paying a ransom, the word “costly” here also includes the time and effort involved in recovering from a ransomware attack, such as restoring data, sending notifications, handling the press, potential legal issues, and reputational damage.

Ransomware

  • Three US public sectors became popular targets in 2022, according to statistics compiled by Emsisoft, a cybersecurity company.
    • Government
    • Academia
    • Healthcare

  • Within these three sectors alone, over 200 larger organizations across the US were hit.
    • 105 county offices
    • 44 universities/colleges
    • 45 school districts
    • 24 healthcare providers

  • The data collected showed that about half of these attacks also involved stolen data, not just encrypted data.

  • While not all victims choose to disclose these attacks, public entities in these sectors are often subject to well-defined incident response policies that require such disclosure.

  • How do you become a victim of a ransomware attack?
    • The FBI reports that the most common ways to unknowingly download ransomware are:
      1. Open an email attachment.
      2. Click an online ad.
      3. Click on a link.
      4. Visit a website that is embedded with malware.

  • What exactly is ransomware?
    • Ransomware is a type of malware that prevents you from accessing your computer’s files and/or networks and demands that you pay a ransom to get those files back, supposedly in the form of a key that will decrypt them.
    • Once you have downloaded the ransomware, its code is activated and loaded onto your computer, locking access to the computer and anything stored there.
    • Most versions of ransomware will encrypt files and folders on local drives and attached drives (e.g., external hard drives, flash drives), as well as networked computers.
    • After the code has run, you will discover that you can no longer access your data, and you will most likely see a message on your computer letting you know you have been attacked and that there is a ransom demand.

  • What should you do if this happens to you?
    • Do NOT contact the hacker for any reason.
    • Do NOT turn off the computer!
      • There may be some forensic data that can be collected, along with potential evidence stored in memory.
      • Shutting off power to the computer destroys that evidence and prevents the infection artifacts from being preserved.
    • Immediately disconnect from any network you are on (e.g., UT wireless, home wireless, UT ethernet, home ethernet, cellular network) to isolate the attacked computer and to protect any other computers that are on that network.
    • Contact me immediately via my cell phone (865-806-5224), no matter the day or time.
      • If I do not answer, please leave a message.
      • If I don’t recognize a caller, I won’t answer, for the same reasons I tell you not to!
      • Please leave your name, number, location, and a brief description of what has happened.
      • I will work with you, UT, the State, and appropriate law enforcement to help with this matter.
    • Do NOT pay the ransom!
      • Paying a ransom is not endorsed by the FBI or any other federal government entity.
      • Paying a ransom is not a guarantee that you will get all…or any…of your data back.
      • Paying a ransom only encourages cybercriminals to continue these attacks.

  • How can you avoid a ransomware attack?
    • Don’t click on email attachments or links unless they are expected or you have verified their validity.
      • NEVER reply to an email to inquire about the validity of the attachments and links, but if you know the sender, including companies with whom you work, call their known number or send them a brand new email to ask.
      • If you don’t know the sender or don’t do business with their company, please delete the message or mark it as junk.
      • Forward the message to me and I will take a closer look without clicking the links or attachments.
    • Keep your operating system and all software current and up-to-date.
      • The Institute uses ManageEngine’s Endpoint Central, formerly known as Desktop Central, to automatically update OSes, UT-provided apps, and most third-party apps.
      • It is important to make sure these updates are being allowed to run as soon as possible.
      • If you must postpone an update because it will interfere with a process that is currently being run on your computer, please make sure the update runs as soon as you are finished.
    • Make sure Microsoft Defender is not only being updated but is also running regular scans.
      • Endpoint Central is configured to make sure Defender is updated and being run.
      • You can check the status by clicking on the “^” in the lower right corner of the system tray and click on the blue shield for Microsoft Security.
      • Click on “Virus & threat protection” to see when the last scan was run, how many files were scanned, and if any threats were found.
      • If you ever feel the need to run your own scan, click “Quick scan” here or, for a complete scan click “Scan options” and choose “Full scan”.
    • Back up your data regularly!
      • Backups ensure you have a copy of all your data that can be restored easily, without having to negotiate with anyone.
      • Use an external hard drive or flash drive for the backup and make sure the backup has actually completed, but ALWAYS disconnect the drive afterward so the backup is stored offline; a drive that stays attached can be encrypted right along with the computer.
      • If you have data classified as moderate, high, or business critical, these backups must be stored at an alternate location, meaning safe, secure, and away from the computer’s actual physical location.
      • OneDrive and Google Drive are certified for storage of most any type of data, and these are backed up for you in the cloud, but you MUST be using the business versions offered by UT.
      • Visit File Storage: Options for Sharing and Storing Files at UT to learn more about UT’s cloud storage options.
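For those who would rather check Defender from a PowerShell window than click through the system tray, here is a small script I am adding as an example (it is not part of the Endpoint Central configuration or anything UT provides). It uses the built-in Defender cmdlets on Windows 10/11 to report when signatures were last updated and when the last scan finished, lists recent detections, and starts a quick scan if none has run recently. The 7-day “stale” thresholds are assumptions for this example, not a UT policy.

```powershell
# Added example: summarize Microsoft Defender's update and scan status.
# Assumes Windows 10/11 with the built-in Defender module (Get-MpComputerStatus etc.).
# Starting a scan may require an elevated (Run as administrator) prompt on some machines.

function Get-DefenderHealthSummary {
    [CmdletBinding()]
    param(
        # Assumed thresholds for this example: how old signatures or the last scan
        # may be before they are flagged as stale.
        [int]$MaxSignatureAgeDays = 7,
        [int]$MaxScanAgeDays = 7
    )

    $status = Get-MpComputerStatus
    $now = Get-Date

    # Age of the current signature set, in days.
    $sigAge = ($now - $status.AntivirusSignatureLastUpdated).TotalDays

    # QuickScanEndTime / FullScanEndTime are empty if that scan type has never run;
    # keep whichever completed most recently.
    $lastScan = @($status.QuickScanEndTime, $status.FullScanEndTime) |
        Where-Object { $_ } | Sort-Object -Descending | Select-Object -First 1
    $scanAge = if ($lastScan) { ($now - $lastScan).TotalDays } else { [double]::PositiveInfinity }

    [pscustomobject]@{
        RealTimeProtectionOn = $status.RealTimeProtectionEnabled
        SignatureVersion     = $status.AntivirusSignatureVersion
        SignatureAgeDays     = [math]::Round($sigAge, 1)
        LastScanCompleted    = $lastScan
        ScanAgeDays          = if ($lastScan) { [math]::Round($scanAge, 1) } else { 'never' }
        SignaturesCurrent    = ($sigAge -le $MaxSignatureAgeDays)
        ScanCurrent          = ($scanAge -le $MaxScanAgeDays)
    }
}

$summary = Get-DefenderHealthSummary
$summary | Format-List

# Most recent things Defender has flagged (no output means no detections recorded).
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 5 InitialDetectionTime, ThreatID, ProcessName, ActionSuccess

if (-not $summary.RealTimeProtectionOn -or -not $summary.SignaturesCurrent) {
    Write-Warning 'Defender is not fully current: real-time protection is off or signatures are stale. Let me know.'
}
if (-not $summary.ScanCurrent) {
    Write-Warning 'No recent scan found; starting a quick scan now.'
    Start-MpScan -ScanType QuickScan
}
```

Run it in a PowerShell window; the Format-List output is the same information the “Virus & threat protection” page shows, and a warning means it is time to let me know.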
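And since “make sure the backup is completed” is easier said than done, here is an added example script (mine, not a UT-supplied tool) that copies a folder to an external drive and then checks every copied file against the original by SHA-256 hash before telling you it is safe to unplug the drive. The source and destination paths are placeholders; change them for your own machine.

```powershell
# Added example: back up a folder to an external drive into a dated subfolder,
# then verify every file by hash before the drive is disconnected.
# Assumed placeholders: the Documents folder and drive E:\ (adjust for your machine).

function Backup-AndVerify {
    param(
        [Parameter(Mandatory)][string]$Source,       # e.g. "$HOME\Documents"
        [Parameter(Mandatory)][string]$BackupRoot    # e.g. 'E:\Backups\Documents'
    )

    if (-not (Test-Path -LiteralPath $Source)) { throw "Source not found: $Source" }
    $Source = (Resolve-Path -LiteralPath $Source).Path.TrimEnd('\')

    # Refuse to run if the backup drive is not actually attached.
    $drive = Split-Path -Qualifier $BackupRoot
    if (-not (Test-Path "$drive\")) { throw "Backup drive $drive is not attached" }

    # A dated subfolder keeps earlier backups intact: if files were already
    # encrypted before you noticed, the previous good copy is not overwritten.
    $Destination = Join-Path $BackupRoot (Get-Date -Format 'yyyy-MM-dd_HHmm')

    # /E copies subfolders (including empty ones); /R:1 /W:1 avoid long retry stalls;
    # /NP /NFL /NDL keep the console output short.
    robocopy $Source $Destination /E /R:1 /W:1 /NP /NFL /NDL | Out-Null
    # robocopy exit codes 0-7 mean success; 8 and above mean something failed to copy.
    if ($LASTEXITCODE -ge 8) { throw "robocopy reported failures (exit code $LASTEXITCODE)" }

    # Compare the hash of every source file with its copy.
    $mismatches = @()
    $srcFiles = @(Get-ChildItem -LiteralPath $Source -File -Recurse)
    foreach ($f in $srcFiles) {
        $rel  = $f.FullName.Substring($Source.Length).TrimStart('\')
        $copy = Join-Path $Destination $rel
        if (-not (Test-Path -LiteralPath $copy)) { $mismatches += $rel; continue }
        $a = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        $b = (Get-FileHash -LiteralPath $copy -Algorithm SHA256).Hash
        if ($a -ne $b) { $mismatches += $rel }
    }

    [pscustomobject]@{
        BackupFolder = $Destination
        FilesChecked = $srcFiles.Count
        Mismatches   = $mismatches
        Verified     = ($mismatches.Count -eq 0)
        CompletedAt  = Get-Date
    }
}

$result = Backup-AndVerify -Source "$HOME\Documents" -BackupRoot 'E:\Backups\Documents'
$result | Format-List BackupFolder, FilesChecked, Verified, CompletedAt
if ($result.Verified) {
    Write-Host 'Backup verified. Safely eject the drive and store it away from this computer.'
} else {
    Write-Warning "Backup NOT verified: $($result.Mismatches.Count) file(s) differ or are missing."
    $result.Mismatches | ForEach-Object { Write-Warning "  $_" }
}
```

The dated subfolder is deliberate: a backup that simply mirrors your folder would faithfully copy already-encrypted files over your last good copy, so keeping a few dated sets (and deleting the oldest yourself when the drive fills) is the safer habit.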

As we start the new year, I want to say that I truly appreciate you sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. Thanks to a request, I do include CVM students. However, if anyone else has an email group for students who are not employees of your department, please let me know what that address is and I can include it, as well. I do this as a blind copy so student names and addresses will not show up!

Thanks for all you do to protect the Institute and its data. I am here to help you, so never hesitate to let me know if you have questions or concerns.

I wish every one of you a very safe, happy, healthy, and blessed new year!!!

Sandy