Ransomware – Bag of Tricks

The other day a friend of mine who is the director of a small rural library in another state emailed me. She was hoping I could help her tech guy because her server had just been hit with Ransomware.

Ransomeware is malicious software that blocks access to your computer system until a sum of money is paid. So, at some point, there is a breach, meaning, someone opens an email, or an attachment, or uses a corrupted USB, or a hacker breaks into your system or something, and it gets by your virus protection. Once the malware is in the system it encrypts the data until the release code is entered, and all you can access is a message, “Pay us and we will unlock your computer.”

Libraries have not been specifically targeted by these datanappers; there are bigger fish in the sea with more sensitive information. But it has happened. So, what do you do about it? How do you take precautions? And, if the worst happens, how do you fix it?

As with many things, we need to look at this issue through these four categories: policy, procedure, training, and response.

Policy

Your Information Security Policy should answer these questions:

• What are we protecting? (What data do you actually store? What is stored on your computers rather than on your ILS company’s server? Is payroll done on your computer or is it off-site?)
• What are the objectives (How secure are we going to be?)
• Who does what and who has access to what? (Your ILS provider?)
• Reference legislation (What statutes we need to follow based on our industry, state laws, etc?)
• Data Movement criteria (What mediums are allowed or disallowed?)
• Backup Criteria (frequency, storage criteria, access to backups, etc)
• Network security strategies (antivirus, firewalls, etc.)

Procedures

The policy is what you do, the procedure is how it gets done. Make sure you are making regular backups, and test them fully so that you can restore files. If your library doesn’t have an IT person, it might be worthwhile to get IT help to set up a system of backups and the steps to take if something happens. Think through all of the potential data you collect and where the data resides. Also, consider what services you provide that won’t be affected that patrons can still access even when the library’s system is out of commission. Third party apps, like Overdrive or Hoopla, won’t be affected by what happens to your library network and patrons will be able to use them.

Training

All staff should have training on the policies, procedures and incident response. Make sure the information security policy is reviewed on a regular basis. Cover things like, “If this happens, what do I do” for the staff.  Educating yourself and library staff members on how to prevent these attacks is one of the best ways to stop ransomware. The most advanced antivirus software is no match for the user who is tricked into clicking something they shouldn’t.

Response

Remember to isolate the threat. Decide who the staff should contact (Director, IT guy, etc), and who you can call to clean up the infections, especially if you don’t have an IT person. Also, report the incident to the Internet Crime Complaint Center at www.ic3.gov.

As dire as ransomware sounds, precautions and a plan can reduce your risk and save you some stress. As much as I would love to say you can keep your plan or the contact info of the folks you will call “in case of” in your Bag of Tricks, in this case, a hardcopy will be a better tool. What you can put in your Bag of Tricks is the information needed for your staff to learn how to stay safe on the internet, because training staff and volunteers who use library systems is a key way to keep your systems secure. And, being safe on the internet is the kind of essential information we should pass on to patrons. The more we know, the more we can help.