Wed | Apr 1, 2020

Andrea Martin-Swaby | Ransomware attacks: What are you doing about it in 2020?

Published:Thursday | February 27, 2020 | 12:10 AM

To say that we rely heavily on our devices and information technology systems to function effectively is an understatement. This is the digital era! Almost every task is aided through the use of a device connected to the Internet. It is for this reason that access to the data on these devices and computer systems is extremely important. Unfortunately, in Jamaica, and the world at large, criminals seek to capitalise on this need to access data by relentlessly infecting our devices with malware. One such malware, which is highly destructive and palpably annoying, is ransomware. For the criminals, it is an easy way to get quick money. Why? Simply because so many victims buckle under the pressure of losing access to their data and computer systems. Without hesitation, they pay thousands of United States dollars in bitcoin to these criminals who kidnap their data, holding it under lock and key. Such payment is made with the expectation that access to the data will be restored.

You may ask how these criminals gain access to the data in the first place. Access is usually gained when the individual user, or someone within the business organisation, clicks on a phishing email which contains malicious content. Exposure to such attacks also occurs where a user visits an infected website and the malware is downloaded to the computer system without the user’s knowledge.

Unfortunately, a simple yet careless keystroke can result in the entire computer system being infected and rendered inaccessible to the user, until a ransom is paid for it to be decrypted. It is for this reason that all users must be aware of the potentially devastating impact of a simple click of a button.

Unfortunately, in recent times, the instances of such attacks have increased unabated. Consequently, the time has come for individuals to aggressively tackle this serious and costly threat. Jamaicans can only prevail against such attacks by becoming more aware of our vulnerabilities within cyberspace and aggressively safeguarding our information and technology systems. Cybersecurity is the responsibility of every user in any establishment. Securing information and technology systems is no longer an option but a necessity, if we are to protect our data and computer networks from such disruptive intrusions.

TRAIN STAFF TO RESPOND

In light of the fact that the success of these attacks depends on the actions of the users of computer systems, constant training of staff in respect of cybersecurity is of utmost importance in the fight against ransomware and other cyber attacks.

It must be known that ransomware attacks have existed from as far back as 1989 – in the age of the floppy disk. In 1989, an AIDS researcher, Joseph Popp, authored the first-ever reported case of ransomware. He distributed over 20,000 floppy disks to fellow AIDS researchers all over the world. These disks contained a malware which remained dormant until the computer in which it was inserted was turned on 90 times. After reaching the threshold, on powering on the computer, the malware displayed a message demanding the payment of US$189 and a further US$378 for a software lease.

Today, floppy disks are perhaps extinct; however, these attacks continue to spread and are now more sophisticated.

A MacAfee report, published in 2019, stated that ransomware incidents increased by 118 per cent during the first quarter of 2019. Europol, in its published study, Internet Organized Crime Threat Assessment (IOCTA) 2019, also noted that there was an increase in the number of ransomware attacks in 2019. It described ransomware as being the “top cyberthreat” faced by cyber investigators.

In light of these statistics, Jamaicans must secure their information and communication systems from such vicious attacks. Let us seek to encourage a safe and secure cyberspace within our homes and businesses. Always remembering to think before you click. The reality is that the simple click of a button could seriously jeopardise the stability of an entity and prove to be extremely costly.

Andrea Martin-Swaby is a deputy director of public prosecutions and head of the Cybercrime & Digital Forensics Unit at the Office of the Director of Public Prosecutions. Email feedback at columns@gleanerjm.com.