
Ransomware has grown over the last few years into a lucrative enterprise with a successful business model. Companies and individuals, not to mention water and wastewater utilities, around the world fall prey to ransomware. Ransomware is malicious software that computer users unwittingly download and install on their systems. Once installed, the malware encrypts accessible data on the organization’s network, including backup drives. The attackers then demand ransom in return for decrypting the data. In some cases, the malware destroys backup drives, providing users with additional motivation to pay the ransom. Where data cannot be restored from backup drives, victims either accept that their data is no longer available to them or pay the ransom, earning criminals millions and millions of dollars.

Palo Alto Networks, a network security firm, published two papers this month on ransomware that water utilities may find useful. Top Recommendations to Prevent Ransomware provides a basic description of how ransomware works and offers several mitigation suggestions. Ransomware: Unlocking the Lucrative Criminal Business Model, by Palo Alto Networks’ Unit 42, provides background information and discusses the evolution of ransomware. According to Unit 42, mitigation involves preparation, prevention and response. Preparation focuses on strengthening the organization’s backup process, including storing backups away from the network, testing the recovery process and reducing write access on network drives. For prevention, blocking executables downloaded through email or from a web browser is key, along with endpoint control restricting those same files. For response, organizations should maintain awareness of different malware families to identify resources that can facilitate the response. For additional ransomware resources visit WaterISAC.