Microsoft removes massive hacking network 0:55
(CNN Business) -
As US Election Day approaches, fears are mounting about possible electoral interference from a new source: "ransomware," or data hijacking program, as it is known in Spanish.
It is a type of malicious "software" that locks the victim's computer and renders it unusable until the person pays the attacker, often in bitcoins.
This type of cyber attack has gotten worse, and in recent years ransomware attacks have hit targets as varied as the Baltimore City government, the website of an Illinois public health district, and the University of California.
This week, Microsoft announced that it removed a major hacking ring that had been used to spread "ransomware."
The company said it could have been used to interfere with elections indirectly, by suspending access to voter lists or to websites that display election results.
There is no evidence that cyberattacks have compromised voting infrastructure in 2020. But the term "ransomware," understandably, has many Americans nervous: It evokes terrifying thoughts of widespread computer disruptions, chaos at critical entities like hospitals or banks, and shadowy "hackers" with a hidden agenda.
How much could ransomware distort elections and how concerned should we be?
Keeping the threat in perspective
Experts say that while it is important to be alert and informed about the risk, it is vital to keep the threat in perspective.
The potential for data hijacking programs to undermine elections is plausible, but it is "primarily a hypothetical threat at the moment," said Lotem Finkelsteen, a threat analyst at digital security firm Check Point.
advertising
At a time of great uncertainty, "ransomware" may seem like an urgent and new threat to elections.
The reality is more complicated.
Here's what you need to know about these data hijacking programs heading into the 2020 election.
How might "ransomware" viruses affect elections?
The worst-case scenario would be if "ransomware" programs suddenly block important parts of the voting infrastructure across the country, said Jason Healey, a cybersecurity expert at Columbia University and former White House director of Cyber Infrastructure Protection.
LEE: Cybercriminals try to wreak havoc during the global pandemic
"The concern at (the Department of Homeland Security) and the Pentagon will be that data hijacking programs will reach the county and state level to disable voting records, vote counting and reporting, and outcome reports." Healey said.
"The electoral machines themselves should be more difficult (to attack) as they are less connected," he added.
Concerns about the potential for "ransomware" grew after Tyler Technologies, a major supplier of "software" to many state and local governments, revealed an attack with data hijacking programs that affected their systems last month.
The company sells "software" that some customers use to display voting information on websites, it said in a statement.
However, that "software" is hosted on Amazon servers, not yours, and was not affected.
The attack targeted Tyler Technologies' internal corporate network.
In 2016, a Florida County elections office was attacked by "ransomware."
However, he was able to recover and has taken steps to prevent it from happening again.
So how worried should we be?
While the pressure facing some important targets is real and serious, there are several factors at play that mitigate the worst-case scenario, experts say.
One of the main reasons is that for data hijacking programs to work, they must first take advantage of specific "software" flaws.
Since virtually all jurisdictions use slightly different "software," it would be difficult for an attacker to launch a simultaneous attack that affects a large number of voting sites at once, said Daniel Dister, Director of Information Security for the state of N.H.
"I can guarantee you that there would be very little common ground between the 50 states that run the same 'software' on all of their systems," he said.
"It would be very unusual for a particular vulnerability to spread across multiple states, because they will find that each state is different," he explained.
Instead of launching a massive attack, the hackers would have to compromise the systems individually.
This would take time and be an inefficient way to cause large-scale damage, said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies.
Even attacking selected targets would not guarantee success.
Most successful cyberattacks don't happen randomly over the open internet, Dister said.
They are usually the result of 'phishing', that is, when an unsuspecting person is tricked into opening a malicious email or clicking on a link.
Assuming that hackers could persuade an employee to click the correct link, ransomware would only be effective if the attacked system had not been protected to defend against it.
That brings us to the bottom line: data hijacking programs are not a mystery.
We know how to defend ourselves against them.
What is being done to protect elections from "ransomware"?
In light of the increase in "ransomware" attempts, the US government has issued an increasing number of public warnings about the potential threat.
And it offers tips on how to protect yourself against data hijacking programs.
State and local governments are also increasingly vigilant about the risk of these types of attacks.
Officials have invested in stronger firewalls, better risk analysis platforms, and device protection.
This is in addition to keeping the important voting infrastructure isolated from other systems, said Rob Bathurst, chief technology officer at risk management firm Digitalware.
"The bigger cities have been preparing for this election for a while and (are) better than in the past," he said.
But, Bathurst added, smaller governments can still be at a disadvantage due to a lack of resources and trained personnel.
In New Hampshire, Dister works to ensure that the "software" used on government devices remains protected and up to date.
And it also maintains policies to limit the type of applications that can be installed on work machines.
This helps narrow the range of potential vulnerabilities that the state must defend against.
State and local governments also routinely share information with each other about the systems they use and new threats that lie ahead.
They do so through official information exchange centers such as the Multi-State Information Exchange and Analysis Center.
Tools to defend against data hijacking programs
Ultimately, experts say, the tools and principles for defending against ransomware are relatively straightforward.
And they apply to organizations and individuals alike.
Create regular backups of the data you store offline.
Learn to recognize fraudulent emails or links and try to avoid falling for them.
Keep your devices and applications up to date with the latest security updates.
And, in case your organization is attacked by "ransomware", do not pay the ransom.
Security analysts emphasize that the overwhelming motive behind attacks from data hijacking programs is profit, not politics.
Remove the financial incentive to launch data hijacking attacks and hackers will switch to a different tactic.
"If the cash flow stops, the attacks will stop," said Brett Callow, a threat analyst at security firm Emsisoft.
The US government also tries to get that message across.
This month, the Treasury Department issued a warning that paying ransomware attackers could violate US sanctions policy.
This could happen if the recipient is in a country that is subject to sanctions.
Even those who help a victim make payments could be held liable, the department said.
Also those who may have paid a ransom without knowing that the recipient was in a sanctioned country.
Elections 2020 United States Ransomeware
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/H6SX4JB4HJIOMBO3FUP6IGGLUI.jpg)
