In a rare instance that underlines the rising threat and menace caused by ransomware, the United States Department of Homeland Security (DHS) has collaborated with the Canadian Cyber Incident Response Centre (CCIRC) to release an alert on ransomware.
The United States and Canada have released a joint cyber alert to warn citizens against cyber extortionists who engage in criminal activity through ransomware. Ransomware is a type of malware that typically encrypts a target’s computer data, rendering it inaccessible. The only way to retrieve or reclaim the data is by paying a ransom, typically in an electronic currency like Bitcoin.
The alert read:
[The DHS and the CCIRC] is releasing this Alert to provide further information on ransomware, specifically its main characteristics, its prevalence, variants that may be proliferating and how users can prevent and mitigate against ransomware.
The alert explains ransomware and its known variants, along with the means through which ransomware spreads.
Ransomware Dispersal Methods
The alert points to phishing emails that contain malicious attachments; drive-by downloading, wherein a user unknowingly visits an infected website and downloads malware onto the computer; and crypto ransomware, wherein file-encrypting malware spreads through social media, such as IM apps, among others.
The most recently discovered strain of significance is known as Samas. Infamous for its exploits in targeting healthcare centers and hospitals, Samas targets entire networks, as opposed to individual machines.
Impacting Individuals and Businesses
“Infections can be devastating to an individual and organization and recovery can be a difficult process that may require the services of a reputable data recovery specialist,” the alert states.
While ransomware has predominantly been known to target home users up until recently, businesses have also been targeted lately by ransomware peddlers. The alert notes the negative consequences of such attacks, which include:
- Disruption to operations
- Temporary or permanent loss of sensitive & proprietary information
- Potential harm to an organization’s reputation
- Financial losses incurred to restore affected files and systems
Notably, the alert asserts that paying the ransom does not always guarantee that the encrypted files will be released.
Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information.
The Proposed Solution
Among the solutions prescribed by both the United States and Canada, the first is also the most obvious: data backups.
Data backups and a recovery plan for all critical information are strongly recommended. More specifically, regular backups limit the impact of data loss, and the most recent backups will help recover from a ransomware attack. Notably, the alert urges users to keep the backed-up data on a separate device, preferably offline.
The alert also suggests disabling macros in email attachments to ensure that hidden malware isn’t delivered to a targeted machine via malicious emails.
Regular updates to software and the operating system with the latest patches are also recommended, along with up-to-date anti-virus software.
Most notably, the joint alert discourages individuals and organizations from paying the ransom, since this does not always guarantee that the encrypted files will be released.