Will Hacktivists Turn to Ransomware?

The US presidential election is upon us and some political activists are out in the streets, and in convention halls. And some are busy hacking. I am referring to the hacktivists, those who illegally use technology to promote a social or political agenda. The main difference between hacktivists and other cybercriminals is that hacktivist crimes are typically associated with a protest or political motivation.

In the early days of hacktivism, hackers used computer worms to spread messages, such as the 1989 Worms Against Nuclear Killers (WANK) anti-nuclear message that sent system announcements on DEC VMS systems.

In recent years, hacktivists have used mostly web site defacing, data disclosure, and Distributed Denial of Service (DDoS) attacks to spread their message. Hacktivists typically do not create the attack technology.  They simply augment it for their use. With versions of Cryptolocker, Cerber, Locky, and Stampado for sale at reasonable prices, hacktivists have all they need to launch their own attacks.

Hacktivist ransomware? Not yet.

The good news is that we have not seen hacktivist ransomware – yet. It is a concern because it will differ greatly from the ransomware we know today. Some hacktivists may not even make a demand.  Encrypting the data will cause the disruption in business they desire.

Now is the time to guard yourself against such attacks. Take an inventory of the data in your organization so you know where it is. Next, back up the data and ensure it can be recovered in time. Lastly, ensure that users know that your organization has a plan in place to respond to ransomware (your backup strategy) and educate them on the process for spotting and reporting ransomware. That last step, prevention, is key to your success.

Three steps to data protection

Many organizations have found out too late that valuable data was on a device that they did not track, and these oversights have resulted in data breaches or data loss. Both consequences can be avoided when the organization understands what data they have and where it is located.

Craft a backup strategy that keeps the backup copies separate from the production copies so that ransomware will not infect both. The strategy should also allow for restores to be performed quickly enough so that business interruptions are kept to an acceptable minimum. In the industry, we call this the RTO or Recovery Time Objective. You also want to make sure the backups are performed frequently enough to avoid unnecessary data loss.

The final key to protecting your data from ransomware attacks of any kind is to communicate with employees. Ensure that they understand that the organization has a plan in place to deal with ransomware. In this way, employees will not feel that they need to take on the solution themselves by paying the ransom or, in the case of hacktivism, performing the requested action. Employees should also understand how to report ransomware so that the organization can respond to the incident quickly.

If hacktivism follows the route many believe it will, hacktivist ransomware will eventually enter the scene. Protect yourself from all ransomware by putting the right controls in place before the attack.

As always, thoughts and ideas are my own. This insight wouldn’t be possible without the help of my associates at Carbonite.  For more news and information on the battle against ransomware, visit FightRansomware.com

Leave a Reply