The Ransomware Threat
Attackers encrypt data and then require money to decrypt them - that's ransomware. After all, several state institutions and hospitals in the Czech Republic have already tasted it in this rough form.
What is it about?
Ransomware is a type of malicious code that, when executed, encrypts all data on a device using a secret key. Only the attacker knows the key. That’s why the user loses access to all their data. Ransomware is hungry, and if given the opportunity, it uses it well and spreads itself to all other connected devices. Once all the data is encrypted, the ransomware displays to the user the information about what just happened – that the data is unreadable and the only way to get it back from the attacker is to pay a high ransom in one of the cryptocurrencies. The sum of required money corresponds to the affected entity's financial possibilities. In the case of an individual, it can be units up to thousands of Euros. Of course, a much higher price in the case of a company. It is an amount of money that is not negligible, but the subject is able to pay it. However, no one can guarantee that the data will actually be decrypted after paying the ransom.
The Benesov case
Unfortunately, the Benesov hospital also experienced the inconvenience of ransomware. The attackers broke into the internal systems and caused a severe security incident. As a result, the hospital service was significantly affected. No laboratory or other appliance could be started, and the computer network was also down. For an institution with such a large amount of sensitive data about people, such as a hospital or a university, education on this topic is vital.
It's like a thief breaking into your apartment, changing the lock, and demanding a lot of money for the key to your own house. This is because cryptocurrencies enable completely anonymous funds transfers, so payments cannot be traced back to the attacker.
Is there a threat of ransomware at Masaryk University as well?
The same fraudulent e-mails received by users of the Benesov hospital are already trying to attack Masaryk University. That's why we're glad you've read this far. Well-informed users are a hacker's worst nightmare. Fraudulent e-mails try to convince you of an unpaid amount of money to force you to download malicious code.
How to defend yourself?
Sharpen up if you receive an unexpected e-mail that urges you to open the attachment. The goal of fraudulent e-mail is to arouse your curiosity or desire to open the attachment. The attachment may look like it contains your family photos or that you received a great New Year’s bonus from your employer.
You can always follow a simple rule: If the e-mail is unexpected, we don’t open the attachment. And if we want to ensure we verify the authenticity of the e-mail (for example, by phone).
If you receive one of the described e-mails, do not click on it, and do not download any attachments under no circumstances. However, be sure to contact our team at csirt@muni.cz. You will help yourself and others by doing so.
What about prevention?
As you probably already know, preventing fire is better than fighting it. Preventive measures can also be taken against ransomware. A regular and thorough backup of all the critical data will help you to avoid the devastating consequences of ransomware. ICS MUNI offers its users several backup services and other storage spaces. All employees, students, and other users can use these services for free. In addition to classic backup storage, popular synchronization cloud storage is also offered these days. There are several different ones available to users: Microsoft's OneDrive (as part of Office 365), Google Drive, CESNET's OwnCloud, and B2DROP's OwnCloud.
Last rescue files
Online storage is a very convenient and practical service that can serve well as a backup with automatic synchronization, but there is one BUT.
Sync repositories are, without a doubt, an excellent service that helped us out many times. How do such repositories work? The service you use automatically saves your files (for example, the folder with your master thesis). Then, if you somehow lose the file, you can find it in an online backup. What happens to your folder that is set to sync if it is attacked by ransomware? Encrypted files overwrite the original data. The result is that even backups on other devices are unreadable. Encrypted data will simply skip to the Cloud.
However, this problem can be easily solved under certain circumstances and defeat ransomware. Most sync repositories offer at least some functionality to recover ransomware-encrypted data. This is so-called versioning, where a history of previous (unencrypted) versions of files is stored. However, even versioning features are often limited in many different ways. Among the most common restrictions is a limitation of the amount of data that can be stored in cloud storage or a limitation of the time period in which the data is available for restoration in its original form. Cloud sync storage can therefore be the last resort in the case of a ransomware attack. However, it cannot replace the classic backup method. Masaryk University offers students and employees free storage on One Drive, with versioning set in the default settings. You can visit this official website to learn more about how to work better and more efficiently with storage.
In the case of ransomware, the most suitable option for data protection is a classic backup (for example, to an external drive) but be careful. Do we all regularly store all critical data on physical storage? That’s why it is wise to combine both methods.
In conclusion
If you want to learn more about internet security quickly and efficiently in one place, use the Security of devices module in our online course Cybercompass, which is free and open to everyone. You will gain more confidence in cyberspace and avoid unpleasantness more easily. You can find everything important about cybersecurity at Masaryk University on our web: security.muni.cz.