Ransomware Guide
AUTHOR
John Giantsidis, JD, M.Eng. | 2021 – 2024 Member, The Florida Bar’s Standing Committee on Technology
Introduction
We are immersed in a technological evolution caused by the eruption of the Internet, the exponential growth of mobile devices, cloud services and, most recently, the Internet of Things (IoT). As expected, this evolution is not without risks, since the same advantages of immediacy, mobility, ubiquity, ease of payment, communication from which law firms, clients and users benefit, are also taken advantage of by those engaged in illegal criminal activities.
Among the malicious activities that provide cybercriminals with a quick economic benefit, a type of malware (malicious software) focused on extortion, called ransomware, stands out for its success. The objective of malware is to block access to the affected device or some of the information it contains and then ask for a ransom in exchange for unlocking it. This type of malware proliferation is related to advances in cryptography (encryption algorithms that allow access to information only to those who know the unlock key), the proliferation of devices connected to the Internet, as well as the increasingly widespread use of international payment systems with virtual currencies that allow anonymity, such as bitcoin. These circumstances allow cybercriminals to obtain a high economic return, by providing them not only with diversity and permeability of the targets for their attacks, but also a great facility to hide.
Ransomware affects any user, business, or activity by demanding the payment of a ransom in exchange for the return of access to their information. This malware is affecting home users, businesses, governments, and even critical services, such as hospitals or power plants. A ransomware attack can cause temporary or permanent loss of information and disrupt normal activity, causing economic or reputational losses and, in some cases, considerable damage to the population when attacks occur against the critical infrastructures of a country.
Ransomware affects all types of computers: desktops and laptops, web servers, file servers, other servers, and mobile devices. Currently, the take-off of the IoT and the increasing Internet connection of previously isolated industrial devices is leading to a new area of action for cybercriminals. These devices automate, for example, the lighting, heating, production chain of companies or the control of their vehicle fleet.
Cybercriminals take advantage of the vulnerabilities of these devices to, among other actions, infect them with ransomware, forcing companies and law firms to make the payment of a ransom to be able to recover access to them. In this guide I propose actions to recognize, prevent and mitigate this threat.
Introduction
What is Ransomware
The Mechanics of a Ransomware Attack
Why do cybercriminals demand ransom payment in cryptocurrency?
How does ransomware infect devices?
Types of ransomware
How can you protect yourself?
Awareness and training
How does a social engineering attack work?
How to recognize a social engineering attack?
Prevention
Backups
Browse safely
Updates
Minimum privileges
Minimal exposure
Incident Response Plan
Audits
What to do if impacted?
How do I recover my activity and data?
Why don’t you have to pay the ransom?
ABOUT THE AUTHOR
John Giantsidis, JD, M.Eng. is the president of CyberActa, Inc, a boutique consultancy empowering medical device, digital health, and pharmaceutical companies in their cybersecurity, privacy, data integrity, risk, SaMD regulatory compliance, and commercialization endeavors. He is also a member of the Florida Bar’s Committee on Technology and a Cyber Aux with the U.S. Marine Corps. He holds a Bachelor of Science degree from Clark University, a Juris Doctor from the University of New Hampshire, and a Master of Engineering in Cybersecurity Policy and Compliance from The George Washington University.
This LegalFuel publication is intended for educational purposes only and does not replace professional judgment. Statements of fact and opinions expressed are those of the author individually and, unless expressly stated to the contrary, are not the opinion of The Florida Bar or its committees. The Florida Bar does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information published. Any feedback should be provided to the author.
VIEWS AND CONCLUSIONS EXPRESSED IN ARTICLES HEREIN ARE THOSE OF THE AUTHORS AND NOT NECESSARILY THOSE OF FLORIDA BAR STAFF, OFFICIALS, OR BOARD OF GOVERNORS OF THE FLORIDA BAR.