May 22, 2022

Volume XII, Number 142


May 20, 2022

Subscribe to Latest Legal News and Analysis

May 19, 2022

Subscribe to Latest Legal News and Analysis

Ransomware: How It Works and What You Can Do

“Ransomware” is making big news, with reports that a California hospital paid $17,000 to regain access to its network after malware locked access to files. This is a case, however, of the news catching up to the facts. Ransomware has been one of the fastest growing forms of cyberattack over the last year. According to media reports, as many as 100,000 computers per day are being infected with ransomware. 

These increasing ransomware incidents serve as the latest warning that companies need to take steps to protect against costly and damaging cyberattacks. 

How Ransomware works 

Without getting too technical, ransomware works by infecting a computer, then using modern cryptography methods to encrypt files. Once encrypted, the files cannot be decrypted without the “key” that the hackers provide when you pay them ransom. Since we are talking about encryption schemes that would take supercomputers years to break, there is (with one increasingly limited exception) no way to regain access to the encrypted files without paying for the key. 

We mentioned an increasingly limited exception. A couple of years ago, when one ransomware ring was taken down by law enforcement, some of the private keys that ring used to decrypt were recovered. Thus, if the ransomware variant that infected your machine happens to be the increasingly outdated version that matches these keys, then you have a shot at getting your files back without paying the ransom. But, the hackers are very aware of this loophole, and more modern ransomware variants do not respond to the captured keys. 

How Ransomware is spread 

The delivery methods keep evolving, but almost all delivery mechanisms have something in common: human help. Common delivery methods include such human-machine interactions as opening infected email attachments, and visiting websites which inject the malware into the user’s machine. While even the most innocent websites can be hijacked to deliver malware, the shadier websites are the most likely to give you an unwanted infection. 

These delivery methods have several implications which help explain ransomware’s rapid proliferation. First, the hacker doesn’t have to put any thought into making you a target. He or she just has to cast the malware about (much like throwing seed into the air), and then wait for you to call once you are infected. Second, ransomware has an extremely high ROI for the hacker’s limited efforts. The hacker has to write (or buy) the ransomware once (and it’s not expensive to acquire), seed it once, and then sit back and watch the profits roll in from thousands of infections. 

What you can do 

While nothing provides a bulletproof solution to this growing problem, implementing and strengthening several measures can lower your risk: 

•Because much of this malware infects machines by tricking the user, raising user awareness of this problem is crucial. Users who are more resistant to clicking on suspicious email links and visiting shady  websites are your best means of lessening exposure. You should realize that: 
       ◦Inattentive users run a very real risk of bringing damaging cyber-infections into the company. 
       ◦“Think before you click” on email attachments and imbedded links is an important defense. You are far better off having users who over-report suspicious links to IT than with users who are overly trusting. 
       ◦Web browsing should be limited to those business sites that are necessary for your operations.. 
       ◦If your users have the ability to link to company systems from their personal computers or other devices, understand that applying these rules to their personal device use makes them, and the company, safer. 
•Encourage prompt employee reporting of potential problems. Even the most diligent employee may fall prey to a malicious email. Employees who fear discipline or termination will be much less likely to swiftly report potential problems. You will eventually discover you’ve been compromised, but only after the damage has multiplied. 
•Backup frequently. Losing a file to encryption is much less problematic if you have a clean backup copy. Review your backup procedures, and make sure you have a robust backup process.

© Copyright 2022 Armstrong Teasdale LLP. All rights reserved National Law Review, Volume VI, Number 65

About this Author

Lucas Amodio, Intellectual Property Attorney, Armstrong Teasdale

Lucas Amodio is an associate attorney in the firm’s Intellectual Property practice group. The majority of his practice focuses on high-technology and computer-related matters involving patent law.

A former software engineer and patent examiner, Lucas guides in-house counsel, inventors and patent examiners in applying for and protecting U.S. and foreign patent applications. In a variety of fields, he counsels through the distinctive stages of product design and development to ensure consistency. Lucas is also a Certified Ethical Hacker (C|EH) through the International Council of E-...

Daniel C. Nelson, Armstrong Teasdale Law firm, Litigation Attorney

Dan Nelson is an accomplished trial attorney working in the area of commercial litigation and information security and privacy law. In both state and federal courts, he represents plaintiffs and defendants in commercial cases including matters involving trade secrets, contracts, securities, corporate governance and legal malpractice. Dan has tried over 40 cases to verdict.

Jeff Schultz, Business Litigator, Armstrong Teasdale Law Firm

Jeff Schultz is an experienced business litigator who has extensive knowledge about the field of data security and privacy. This background led him to be named co-chair of the firm’s Data Security and Privacy practice group and the former chair of The Missouri Bar’s Technology and Computer Law Committee. Jeff is a Certified Information Privacy Professional (CIPP/US) through the International Association of Privacy Professionals.

As a litigator, Jeff routinely represents individuals and organizations in complex commercial disputes, including those involving the misappropriation of...