Thanks to Credit Union Times for continuing to be an advocate for information security issues.

As an information security professional, I believe we need voices that advance awareness of the risks we all face from growing cyber threats, such as the ransomware that was the subject of a March 16 article (“Locky Ransomware Infecting 9,000 Systems Daily”). Ransomware is a threat that is rapidly expanding its capabilities and footprint, and it's wreaking havoc along the way.

Cybercriminals' use of ransomware, such as Locky, CryptoLocker and CryptoWall, saw tremendous growth in 2015, a trend that McAfee Labs predicted will escalate among financial institutions and local governments in 2016. Even more troubling, ransomware thieves are refining their skills to cause increasing financial and reputational damage to their victims.

Ransomware is malicious software that infects computers and then proceeds to encrypt data on the hard drive, primarily files from applications such as Microsoft Excel and Word. It can then spread its mayhem across mapped network shares to critical files on company servers. Organizations receive a pop-up or locked screensaver that provides instructions on how to pay a ransom, generally using an online payment system such as Bitcoin. After receiving payment, the criminals send victims the private key(s) to decrypt locked files and recover from a very effective denial of service attack and loss of access to customer data.

Generally, having good backups of critical data is an effective mitigation strategy to recover from these attacks. But the newer, more sophisticated variants of ransomware are starting to encrypt data across unmapped network shares, which could end up encrypting network-accessible data backups. To combat this, backup data should be air-gapped from the network, not stored on hardware connected to the internet.

Sollievo believes the most effective controls to prevent these infections are also the most basic. We recommend that credit unions review the CIS Critical Security Controls on the Center for Internet Security website, which lists cybersecurity controls that are easy to read and understand. We're aware of credit unions that have been victimized by ransomware infections but, fortunately, were able to recover by using backups. Not everyone is so well prepared, and many businesses and government entities have had to pay to recover their data.

Richard Carberry

Senior Consultant

Sollievo

Harrisburg, Pa.
