As part of the 14th Annual Georgia Tech Cyber Security Summit held Wednesday, College of Computing Ph.D. student Evan Downing, alongside GTRI Cyber Technology and Information Security lab division chief Chris Smoak, presented a seminar on ransomware.
In a presentation titled “Ransomware: How to respond,” the two speakers discussed the distinctions between ransomware and typical malware, the goal of those producing ransomware, and how to prevent and respond to it.
Ransomware is essentially just malware that holds data for ransom, demanding money in exchange for decrypting critical files. It can affect both individuals and larger networks utilized by entire companies.
Many individuals opt to pay the ransom, but both Smoak and Downing recommend the opposite. Paying, they said, encourages more of this type of malware and, in addition, the user may not get their files back.
“Ransomware authors want to give their victims incentive to pay. This is their business model,” said Downing, who is in his third year pursuing his Ph.D. in Computer Science.
“They want to be able to be reliable and trustworthy to decrypt their victims' files so that word will spread to other victims that they should just simply pay the ransom to get their data back. If the ransomware actors did not do this, then they wouldn't be giving their victims any incentive to pay the ransom. The victims would just simply wipe their hard drives, reinstall their operating systems, and continue about their day.”
Downing, a self-described “unrealistic conservative” when it comes to the safety of online networks, said the decision whether to pay or not all comes down to a personal cost-benefit analysis.
“You want to decide what you’re willing to pay for, literally and figuratively,” he said. “What data can your business stand to lose? How quickly can your business recover from losing this data? How much money will an attack cost your company from the lack of the service your company provides? Is this all worth the risk of paying the ransom and possibly not getting your data back?”
Downing warned that, regardless of your personal decision, it is never wise to pay the ransom.
“Either you get your data back and you've aided a criminal financially, encouraging them to continue attacking others, or worse, you don't get your data back at all and you've still financially aided the criminal,” Downing said. “There's an obvious common denominator here.”
Both Smoak and Downing recommended a few measures to protect against such an attack in the future. Aside from an extreme solution (simply using old, unconnected technology), they advised backing up data frequently and not leaving backup volumes continually connected, training users on the use of email and on visiting websites, and classifying data according to its importance (giving backup priority to the most vital information).
Georgia Tech’s Institute for Information Security and Privacy presents the Cyber Security Summit annually. This year’s event was held at the Global Learning Center.