
Ransomware and beyond

By Pier Luca Montessoro, University of Udine

One day, one very bad day, you open your laptop and a red screen informs you that all your files have been encrypted and you have to pay a ransom in bitcoin to get them back. And what is worse, you know (or you should know) that maybe your data has been stolen too, and maybe you will never receive the key to decrypt it, even after the payment.

Ransomware is a sad reality, currently the most prominent malware threat, and every user, from large, medium, or small companies to private citizens, is targeted. Most of the time the attack makes use of social engineering strategies, trying to deceive the victim, for example, with carefully crafted mail messages. Knowledge and awareness are the first lines of defence, but we are continuously under attack, and sometimes a trivial mistake or a distraction can transform us from target to victim.

Therefore, we must be ready to face the adverse event. Prevention, redundancy, backup, maybe a little paranoia. We must start thinking that it will happen. To us. This way we can really understand the consequences and be motivated to take action in advance.

However, if we limit our prevention strategy to data recovery, we miss the opportunity to reflect on the problem of the unavailability of digital systems due to cyber attacks. For example, to be sure of getting our data back after a successful ransomware attack that executed a crypto locker program on our computers, we must implement a rigorous strategy of frequent backups based on duplicated off-line devices stored in different and safe places.

But security is not all about data. Security is also availability of services. Hence, ransomware becomes a starting point to reflect on the possibility that services may no longer be available, temporarily or even permanently.

Service providers have excellent solutions to ensure continuity of services: redundancy of data centres, servers, storage systems, power supplies, network connections. Despite all this, targeted attacks can still cause disruption of services, although fortunately these are extremely rare events. The real problem is with the end user. Your computer or smartphone, and your home, office, or company network connection, are rarely redundant. Since these systems are also very exposed to cyber attacks, as well as to loss and faults, it is essential to prepare appropriate backups not only of the data, but of the actual activities that rely on these systems. Unfortunately, this awareness is not widespread, and the consequences can be very serious.

The source of the problem is the tendency to ignore or overlook the possibility that common digital services may, at some time, no longer be available. Becoming a victim of a ransomware attack is the most common and traumatic way to realise it. However, the problem expands far beyond the boundary of our computers.

Here are some examples. Our smartphone has suffered a cyber attack, or has been broken, lost or stolen. Do we have a secure copy of the contacts, immediately available (at least the emergency ones)? Was access to the phone protected by a PIN, password, or biometric authentication? Were the data and contacts protected by encryption? Have we organised ourselves in such a way as to be able to carry out at least the indispensable daily and work activities even in the absence of our smartphone and our computer?

In order to answer yes to these questions it is necessary to have thought about it in time, planning backups not only of the data, but also of the procedures, that is, of the methods of carrying out the activities. Although trivial, keeping a hard copy of the emergency contacts with us, a constantly updated backup of the data and files we produce every day, and a rigorous and systematic policy of protecting our devices are in fact extremely effective tools.

The network also represents a potential critical element. Limits in the infrastructure, failures or cyber attacks can make access to services unavailable. That is why a careful balance is needed between what relies on the cloud and what is maintained or duplicated locally. The limited awareness of this problem is demonstrated, for example, by the number of hikers who rely on online maps and are then victims of accidents because they get lost in areas not covered by the network or because the smartphone battery has run out.

In conclusion, the digital evolution of our society presents elements of fragility which are insidious because they are not evident. Ransomware, like all other adverse events that for some reason block access to data and services, teaches us that it is necessary to be aware of these fragilities, learning to prevent damage and cope with the unexpected. We all have to do our part: private citizens, more or less expert users, technicians and service managers, designers, and all those who, like me, try to promote a careful and aware use of the extraordinary tools we have.


About the author
Pier Luca Montessoro is a full professor in Computer Science at the University of Udine, Italy. His research interests, after several years spent on CAD systems for digital circuit design and on multimedia systems for e-learning, are currently focused on computer networks, ICT security and distributed controls and algorithms for agent-based systems.


Read more on the GÉANT Cyber Security Month 2020: https://connect.geant.org/csm2020