On April 24, 2018, hackers compromised the website of the Ukrainian energy and coal ministry. A message was posted to the site demanding a ransom be paid in Bitcoin to recover the encrypted files. This appears to have been an isolated attack that did not impact any other areas of the Ukrainian government.
In the past, ransomware has been used to mask attacks with more destructive intent, but in this case, it appears to be a traditional criminal attacker seeking to make money. The ransomware message was written in English and demanded 0.1 Bitcoin to decrypt the site. That amount of Bitcoin was worth roughly $927 at the time of the compromise but has since fallen to roughly $819.
Ransomware attacks continue to increase in frequency. While it may be possible to pay the ransom and regain access to the encrypted files, in many cases there is no guarantee that paying the ransom will result in the hacker providing the decryption key. The only guaranteed safeguards against ransomware are to maintain a secure system and back up important information. Having frequent comprehensive backups — a result of good cybersecurity planning — will provide a recovery method that doesn’t depend on the goodwill of the attacker.
Here are three things to consider when building out your protection against ransomware attacks:
- Have good anti-virus protection in place and get it in place before an attack can occur.
- Good backups are extremely important. Maintaining current backups can help you restore your system without having to pay the ransom.
- Be careful what you click on. Links and attachments in emails are the common entry points of ransomware attacks.