The International Multi Track Conference on Sciences, Engineering & Technical Innovations, The CT Group of Institutions, India

The International Policing Forum, The People’s Public Security University of China, China

The Conference Cybersecurity Challenges, Marshall Center, Romania

IDC IT Security Roadshow, The International Data Corporation (IDC), Romania

The Seminar GoDigital, PRISMA European Network, Romania

The International Law Enforcement Cooperation Course, The European Union Agency for Law Enforcement Training (CEPOL), Hungary

The AEPC Conference & General Council Meeting, The Association of European Police Colleges (AEPC), Turkey

Challenges and Opportunities in Cyberspace Workshop, Al. I. Cuza Police Academy, Romania

Challenges and Opportunities in Cyberspace Workshop - Second Edition, Al. I. Cuza Police Academy, Romania

Tor and Darknet Course, The European Union Agency for Law Enforcement Training (CEPOL), Romania

 

How can we protect computer systems from new forms of ransomware?

Photo: Govtech

The question of the moment, according to the latest alerts, is whether we can protect computer systems from new forms of ransomware that affect institutions.

What is ransomware?

Ransomware are applications that block or restrict user access to the computer system or data in electronic format until a ransom is paid to cyber criminals. Ransomware attacks have become a preferred method of cybercrime groups with the emergence of virtual coins that facilitate the ransom.

The concern is that when a computer system is infected with ransomware, the options are limited:

  • The first option is to pay the ransom, to unblock access to the system or encrypted data. This is not recommended because paying the ransom fee invites future attacks and is not a guarantee that the attackers will deliver the decryption key after payment. There have been cases where victims were left with encrypted data, although they had honored the ransom. Moreover, once it is known that an institution has made such a transaction, similar additional attacks for progressive remuneration will follow;
  • The second option is the denial of payment, which would reduce the chances of future attacks, but carries the risk of not recovering the data. In this case, there are competent institutions that can offer specialized assistance to the victims.

Most attacks of this kind are not specifically targeted, they are cyber-attacks of opportunity. The cybercrime groups focus on organizations with vulnerable computer systems, that have not implemented the minimum cybersecurity measures, in order to infect them and obtain material benefits. Their preferences are usually directed at institutions in critical areas who cannot afford to leave the computer systems disconnected for long periods of time, thus enhancing chances for payment.

Hospitals also represent targets of cyber criminals. Unlike other institutions that have gradually integrated technology over several years, digitization in the medical field has only recently been achieved. For this reason, resources are not allocated to ensure the security of computer systems, making them particularly vulnerable to cyber-attacks.

Photo: Europa EU

The NIS (Network and Information Security) Directive

In the context of computer systems in critical areas, we highlight the Network and Information Security Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016, which aims to raise the level of readiness of the Member States of the European Union to deploy countermeasures and deal with cybersecurity incidents. It aims to improve national capabilities, promote a culture of risk management and reporting of cyber-security incidents, both among key service providers and digital service providers in the Member States.

The NIS Directive is transposed at the Romanian level by Law no. 362/2018 on ensuring a high level of security of networks and information systems, which entered into force on 12 January 2019. The law addresses service operators in 7 critical sectors: energy, transport, banking, financial market infrastructures, health, drinking water supply and distribution, digital infrastructure and digital service providers: online market places, search engines and cloud computing services.

According to art. 25 par. (2), the National Cyber Security Incident Response Team (CERT-RO) will develop guidelines to support the implementation of minimum-security measures for key service providers and digital service providers provided for in Law no. 362/2018. Some of the technical standards to be developed by CERT-RO will focus on user awareness and training, testing and evaluation of network and information security, incident response, risk analysis and assessment, protection of products and services related to computer networks and systems, vulnerability management and cybersecurity alerts.

Therefore, by implementing minimum cybersecurity measures for key service providers and digital service providers, IT systems will be better secured and less vulnerable to cyber-attacks of ransomware.

Photo: Wmep

How can we protect our computer systems?

Ransomware attacks are distributed through social engineering techniques (user deception) or by exploiting vulnerabilities in operating systems. In most cases, infections are possible due to inattention or inappropriate user information about the risks associated with cyberspace.

In order to keep our systems from becoming infected, it is necessary to pay close attention to the content of emails or social networks. Thus, it is recommended:

  • Not to open files attached to messages from unknown people or with strange content. If these files are needed, they must first be downloaded locally and then scanned with an updated antivirus solution;
  • Not to open links from suspicious messages. It is possible to check the actual destination of the links by moving the mouse pointer over them and viewing the real address in the bottom left corner of the browser window. If link access is mandatory, it is not recommended to directly access it, but to copy the link and open it in another tab of the browser.

For securing computer systems, we should:

  • Periodically update operating systems. Regardless of the operating system used: Windows, Linux, MacOS, iOS or Android, there are vulnerabilities that can be fixed by updating them;
  • Periodically update Internet browsers. It is recommended to enable automatic updating of these applications;
  • Install an antivirus solution. Antivirus solutions that have implemented heuristic features help prevent malware not yet detected. Antivirus software must also be periodically updated;
  • Periodic back-ups. After backing up, the users should disconnect the system from the back-up, because there have been cases where the data has been infected for both the operating system and the copy.

What we can do in case of a ransomware infection?

If a person or institution is the victim of a ransomware attack, they can call the unique number 1911, launched by CERT-RO, in order to report cybersecurity incidents.

The number 1911 is accessible from all networks and can be used by individuals, companies, and public institutions to provide primary assistance and counseling to diagnose and fix cybersecurity incidents.

Photo: Europol

The No More Ransom Project

It is very useful to mention that there is the project No More Ransom, an initiative of the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and McAfee, to help the victims of ransomware recover their data without paying the attackers.

In case of infection, this website can be accessed to find a suite of tools that can be used to decrypt the data. It should be noted that within this project, the Romanian Police and Bitdefender are associate partners that have contributed to the development of new decryption tools.

In conclusion, minimal cybersecurity measures, together with attention to Internet browsing, downloading attachments or accessing email messages, can prevent loss of data crucial to us or the institutions we work for.