Ransomware and beyond

3 November 2020

One day, one very bad day, you open your laptop and a red screen informs you that all your files have been encrypted and you have to pay a ransom in bitcoin to get them back. And what is worse, you know (or you should know) that maybe your data have been stolen too, and maybe you will never receive the key to decrypt them even after the payment.

Ransomware is a sad reality, currently the most prominent malware threat, and every user is targeted, from large, medium, or small companies to private citizens. Most of the time the attack makes use of social-engineering strategies, trying to deceive the victim, for example, with carefully crafted mail messages. Knowledge and awareness are the first lines of defense, but we are continuously under attack, and sometimes a trivial mistake or a distraction can transform us from target to victim.

Therefore, we must be ready to face the adverse event. Prevention, redundancy, backup, maybe a little paranoia. We must start thinking that it will happen. To us. This way we can really understand the consequences and be motivated to take action in advance.

However, if we limit our prevention strategy to data recovery, we miss the opportunity to reflect on the problem of the unavailability of digital systems due to cyberattacks. For example, to be sure of getting our data back after a successful ransomware attack that has executed a cryptolocker program on our computers, we must implement a rigorous strategy of frequent backups based on duplicated off-line devices stored in different and safe places.

But security is not all about data. Security is also availability of services. Hence, ransomware becomes a starting point to reflect on the possibility that services may no longer be available, temporarily or even permanently.

Service providers have excellent solutions to ensure continuity of services: redundancy of data centers, servers, storage systems, power supplies, network connections. Despite all this, targeted attacks can still cause disruption of services, although fortunately these are extremely rare events. The real problem is with the end user. Your computer or smartphone and your home, office, or company network connection are rarely redundant. Since these systems are also very exposed to cyberattacks, as well as to loss and faults, it is essential to prepare appropriate backups not only of the data, but of the actual activities that rely on these systems. Unfortunately, this awareness is not widespread and the consequences can be very serious.

The source of the problem is the tendency to ignore or overlook the possibility that common digital services may at some time no longer be available. Becoming a victim of a ransomware attack is the most common and traumatic way to realize it. However, the problem expands far beyond the boundary of our computer. Here are some examples.

Suppose our smartphone has suffered a cyberattack, or it has broken or been lost or stolen. Do we have a secure copy of the contacts, immediately available (at least the emergency ones)? Was access to the phone protected by a PIN, password, or biometric authentication? Were the data and contacts protected by encryption? Have we organized ourselves in such a way as to be able to carry out at least the indispensable daily and work activities even in the absence of our smartphone and our computer? In order to answer yes to these questions it is necessary to have thought about it in time, planning backups not only of the data, but also of the procedures, that is, of the methods of carrying out the activities. Although trivial, a hard copy of the emergency contacts to always keep with you, a constantly updated backup of the data and files we produce every day, and a rigorous and systematic policy of protecting our devices are extremely effective tools.

The network also represents a potentially critical element. Limits in the infrastructure, failures, or cyberattacks can make access to services unavailable. That is why a careful balance is needed between what relies on the cloud and what is maintained or duplicated locally. The limited awareness of this problem is demonstrated, for example, by the number of hikers who rely on online maps and are then victims of accidents because they get lost in areas not covered by the network or because the smartphone battery has run out.

In conclusion, the digital evolution of our society presents elements of fragility which are insidious because they are not evident. Ransomware, like all other adverse events that for some reason block access to data and services, teaches us that it is necessary to be aware of these fragilities, learning to prevent damage and cope with the unexpected. We all have to do our part: private citizens, more or less expert users, technicians and service managers, designers, and all those who, like me, try to promote a careful and aware use of the extraordinary tools we have.
