Ransomware has affected governments and businesses alike in the past decade, corrupting systems and files needed to do everyday business and causing sensitive consumer data to leak into the darker parts of the internet. (Photo by Clint Patterson on Unsplash)

By Tashi McQueen, AFRO Political Writer,
Report for America Corps Member,
tmcqueen@afro.com

As the world becomes more technologically savvy, so comes with it the threat of online crime. One of the latest digital threats to security has been ransomware.

According to the Cyber Security and Infrastructure Security Agency (CISA), ransomware is malware that encrypts files, causing connected systems to be unusable by their rightful owner. Hackers then offer a list of demands. File owners then have a choice to make: give in to the requests and procure the safe return of their documents or lose the files all together. When you’re a government agency- the decision isn’t so easy. 

The latest security report, released by the International Business Machines Corp. (IBM), showed that ransomware remains the highest form of cyberattack. However, X-Force, their counteracting software, has not had to fight off as many ransomware attacks in recent years. 

IBM recommends organizations create a response plan, as all businesses and institutions that do business online are classified as “at-risk.” They recommend running ransomware drills to determine an organization’s risk for a ransomware attack.

During the coronavirus pandemic, the Baltimore County Public School (BCPS) system was attacked by ransomware hackers. The 2020 ransomware cyberattack caused schools to shut down for three days, according to BCPS spokesperson Charles Herndon. 

“We quickly learned the damage ransomware attacks can do,” Herndon told the AFRO. “There was no system unaffected by the ransomware attack, from payroll to records to lesson plans. Our IT professionals, teachers, and staff throughout BCPS helped us pull through.”

The school system lost money, resources, and materials during the attack.

BCPS applied lessons learned from the incident and invested in a thorough upgrade to their system’s IT security.

“Ransomware is only one part of the equation,” said Jason Firch, CEO of PurpleSec, a D.C.-based cybersecurity company. “Attackers will always look for the easiest pathways, so I don’t see ransomware going anywhere soon.” 

He recommends that tech users take advantage of physical storage devices, like external hard drives, but suggests that people store them separately from their main devices to prevent further damage. According to CISA, if your information is backed up and stored on an external device, losing duplicate files in a ransomware attack on your computer or tablet will have less of an impact. 

Firch also suggests that consumers use app-based multi-point authentication. A two-factor identification process can prevent you from losing access to platforms like your email, in that each login requires authentication from another device. Firch advises businesses to obtain on and off-site backup for their systems as well as perform regular scans. A virtual private network (VPN) can also offer even more protection.

According to the Federal Trade Commission (FTC), “When you use a VPN app, certain data from your connected device or phone — like your browsing history or data from the apps you’re using — is sent through servers owned by the company providing the VPN. Most VPN apps encrypt, or scramble, the data sent between your phone and the VPN server.”  

This helps consumers, according to the FTC, because “If you’re using a VPN app on an unsecured public Wi-Fi network at your local coffee shop, anyone trying to snoop on what you’re doing online will only see gibberish — even if you’re visiting an unencrypted website.”

Nationally and internationally, ransomware attacks are a growing rampant threat.

The New Orleans City government, information technology software company, Kaseya, the D.C. Police Department, and government officials in Singapore have all fallen victim to ransomware in recent years.

The Biden-⁠Harris administration has highlighted the importance of proper cybersecurity and its commitment to improvement.

“We need everyone to do their part to meet one of the defining threats of our time,” said President Joe Biden, in a statement released earlier this year. “Your vigilance and urgency today can prevent attacks tomorrow as the threat of Russians attacking our nation through cyber activity remains.”

The White House has dedicated $1 billion to the State and Local Cybersecurity Grant Program (SLCGP). Among many other commitments, the administration aims to adopt new cybersecurity minimum requirements for government agencies.  

Biden also signed into law Executive Order (EO) 14028, “Improving the Nations’ Cybersecurity,” in May 2022, further encouraging national support.

CISA recommends every ransomware issue be reported to the U.S. government. Ransomware victims should report to the FBI, CISA, or the U.S. Secret Service at https://www.cisa.gov/stopransomware

Help us Continue to tell OUR Story and join the AFRO family as a member –subscribers are now members!  Join here! 

 

Leave a comment