Of course everyone knows that hacking into a computer is a federal crime, and infecting a system with ransomware already falls into that bucket. However, California’s SB-1137, signed into law last Tuesday by Governor Jerry Brown, is the first law that specifically expands extortion statutes to cover ransomware.
The bill’s support in the California Senate was helped by testimony from Hollywood Presbyterian Medical Center, where operations were largely shut down by a ransomware infection. The attackers sent the decryption code after the hospital paid $17,000 in Bitcoin.
It is very easy to hide your tracks as a ransomware criminal, and very few people have been arrested for ransomware attacks in the continental U.S. From our perspective, the California bill is more of an “awareness” thing than anything else. Some hackers decided to have some fun with it: soon after the California Senate passed the bill, the Senate’s own site was hit with ransomware, and in a separate attack the office of Sen. Bob Hertzberg, who introduced the bill, was hit as well.
Though it has existed for at least 10 years, ransomware has skyrocketed since CryptoLocker appeared in September 2013. Europol declared Wednesday that it is the internet’s “most prominent malware threat,” and the FBI has issued multiple warnings to American businesses. Prevention requires a multi-layered approach.
Here Are 8 Things To Do About It (apart from having weapons-grade backup)
- From here on out with any ransomware infection, wipe the machine and re-image from bare metal.
- If you have no Secure Email Gateway (SEG), get one that does URL filtering and make sure it’s tuned correctly.
- Make sure your endpoints are patched religiously, both the OS and third-party apps.
- Make sure your endpoints and web gateway have next-gen security layers that are updated frequently (every few hours or faster).
- Identify users that handle sensitive information and enforce some form of higher-trust authentication (like 2FA).
- Review your internal security policies and procedures, specifically those related to financial transactions, to prevent CEO fraud.
- Check your firewall configuration and make sure outbound connections to known criminal infrastructure are blocked.
- Deploy new-school security awareness training, which includes social engineering via multiple channels, not just email.
Since phishing has risen to the #1 malware infection vector, and attacks are getting through your filters too often, giving your users effective security awareness training that includes frequent simulated phishing attacks is a must.