Serving Colorado's Counties

Technical Update 52 - Protect your Organization from Ransomware

October 20, 2020

The news is full of stories about companies and organizations being targeted by ransomware, a type of malware. Ransomware infects a victim’s computer, device, or network then locks or encrypts data. The cybercriminals behind the ransomware then demand the victim pay, usually within a certain time frame, or risk permanently losing their data or having it made public. According to Emsisoft’s Q1 and Q2 2020, last year, ransomware attacks against U.S. government, healthcare, and educational organizations cost those organizations $7.5 billion. (For more information on ransomware, read Technical Update no. 40 - Ransomware.)

Understanding Ransomware

Ransomware falls into two general categories: crypto and locker. Crypto ransomware is a malware that encrypts valuable data on a network or device so that the user cannot access the data. Locker ransomware does not encrypt data; instead, it locks the user out of the computer or device entirely. There are numerous types of ransomware. Two common ones are listed below:

Cerber – A kind of crypto-ransomware, Cerber targets cloud-based Office 365 users and is spread via a phishing campaign. (For more information on phishing, read Technical Update no. 74 – Phishing: What you Need to Know.) Cerber comes in 12 different languages and has been deployed by large cybercrime networks across the globe. So far, it has impacted millions of people.

CryLocker – As the name suggests, CryLocker is locker ransomware. It crawls through a victim’s computer and finds personal information such as their name, birthday, location, Facebook profile, IP address, etc. to generate a ransom note demanding payment within 24 hours.

Protecting your Organization


Ransomware is big business for cybercriminals and isn’t going away anytime soon; however, there are steps you can take to protect your organization.

  • Backup your data – Critical network and system data should be backed up regularly. If a ransomware attack occurs, the data can be restored; however, some ransomware can infect backup servers, so backup drives should be physically disconnected from your system when not in use.
  • Use multiple layers of cybersecurity – Do not rely on only one form of cybersecurity. Use antivirus and antimalware software along with firewalls and web filtering to block attacks. Cybercriminals are more likely to target organizations with weak security.
  • Keep software and systems up-to-date – Apply vendor-provided updates to your apps, operations systems, web browsers, and plugins as soon as they are made available. Updates often patch security vulnerabilities that cybercriminals can exploit.
  • Limit access to your network – If your network has multiple users, limit global/administrative privileges to a system administrator. Most ransomware is limited to the access level of the person whose device is infected, so if a user cannot change files on the server or change security settings, the malware is more likely to stay contained on their machine.
  • Teach employees how to identify fake links and emails – Most ransomware is spread when a person clicks on an email link as part of a phishing scam. Educate employees on how to spot fake emails and links. Remember, many phishing emails are designed to mimic emails from well-known companies, so people should always check the URL of email links and be suspicious of emails with language errors or from companies they haven’t done business with before.

What This Means for Counties

As many people continue to work from home, it is vital to set and maintain good network security practices. Like burglars, cybercriminals tend to go after easy targets. Implement strong network security practices to make your organization an unattractive target. For more information on ransomware, contact CTSI at (303) 861 0507.

A PDF of this Technical Update is available here.

News & Updates

Technical Update vol. 25 no. 31 - Security Breaches and Personal Information

During the 2018 legislative session, the state of Colorado amended Colo. Rev. Stat. Ann § 6-1-716 (2006), to include governmental entities. The statute concerns how a person’s information (e.g., social […]

Read More
Technical Update vol. 25 no. 30 - Wildfire Smoke

Smoke from wildfires is a mixture of gases and fine particles from burning trees and other plant materials. Smoke can hurt your eyes, irritate your respiratory system, and worsen chronic […]

Read More
Technical Update vol. 25 no. 29 - New Guidance on EPEWA

The Colorado Department of Labor and Employment (CDLE) issued Interpretive Notice and Formal Opinion #9, offering additional guidance on the Equal Pay for Equal Work Act (EPEWA). The EPEWA requires […]

Read More
Technical Update vol. 25 no. 28 - Avoiding Mosquitoes

Colorado’s recent wet Spring did more than fill rivers and streams; it also created the perfect breeding conditions for mosquitoes. More than just a biting nuisance, mosquitoes can spread diseases […]

Read More
Technical Update vol. 25 no. 27 - Monsoon Season

Did you know that Colorado has a monsoon season? The frequent mid-to-late afternoon thunderstorms Colorado experiences during July, August, and September are part of the North American Monsoon (or NAM) […]

Read More