Ransomware – What You Need to Know

Ransomware has been in the news quite a bit lately. Hackers find vulnerabilities in a victim’s computer system and insert code that encrypts the victim’s files, making them inaccessible to the victim. The hackers will send a decryption key for the “hostage” files only when the “ransom” is paid. A recent and very public example of ransomware just occurred with the City of Atlanta: hackers infected the city’s computer systems and demanded a payment of approximately $50,000. News reports have said the city has spent more than $2 million trying to correct the issue, and there has been no confirmation whether the city ever actually paid the ransom.

At the FES industry’s recent E&S Summit, AutoQuotes was asked what our response would be to a ransomware attack. While no system anywhere is 100 percent immune to the most determined hackers, we have put in place multiple layers of protection that make our exposure to this type of attack minimal.

First, it’s important to remember that while the AutoQuotes software is resident on your computer, your AQ projects and data are not on your computer. AutoQuotes stores all your AQ projects, data, information and the AQ Catalog as huge databases on IBM Cloud servers. This means that if your system is ever attacked, you would not lose your AQ projects, data or information. You would just have to download and install the AQ software on a cleaned (or new) system and proceed as usual.

When you log in to AQ, your computer connects with Microsoft IIS (Internet Information Services). We also use the IBM Cloud – but separate servers – for IIS. The security measures here are firewalls and other procedures that ensure only bona fide AutoQuotes users can log in to AQ on IIS.

When you perform searches or other functions in AQ, IIS takes that request (or “query”) and sends it to the AQ databases. This is an important security step: no one can log in to or access the AQ databases directly; all access must go through IIS. The AQ databases only accept queries from IIS through IP (internet protocol) addresses specifically set up between IIS and the AQ databases for AQ’s use. No one else has access to these addresses. This is called “IP tunneling.”

As referenced in the first paragraph, ransomware involves inserting malicious code into a victim’s computer system. This is often done by inserting the code into the query that is ultimately sent to the database. With poorly designed database systems, the database will accept the bad code and execute its instructions, e.g. holding files hostage. Databases use what’s called structured query language (SQL) to execute instructions, so placing malicious code into a query is termed “SQL injection.”

The AQ databases eliminate the possibility of SQL injection by using something called “parameters.” This means that there is a set of stored procedures in the AQ databases. When the database receives a query, it can only respond by executing one of the stored procedures. It will ignore (that is, not execute) anything else in the query that doesn’t correspond to the stored procedures. For example, assume a hacker inserts malicious code in a query for gas ranges. The AQ database will return search results for the ranges without executing the “SQL injection.”
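The difference between a query built from user text and one that binds the text as a parameter, as an added example that is not AutoQuotes code. It assumes an in-memory SQLite database and a plain parameterized query in place of a stored procedure; the table, its rows and the function names are constructed for illustration.

```python
import sqlite3

def build_catalog():
    """Constructed in-memory catalog standing in for a product database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, category TEXT, restricted INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [
            ("6-burner gas range", "gas range", 0),
            ("4-burner gas range", "gas range", 0),
            ("Unreleased fryer", "fryer", 1),
        ],
    )
    return db

def search_concatenated(db, category):
    # Weak form: user text is pasted into the SQL string, so quote
    # characters in the input become part of the statement itself.
    sql = ("SELECT name FROM products WHERE restricted = 0 "
           "AND category = '" + category + "'")
    return [row[0] for row in db.execute(sql)]

def search_parameterized(db, category):
    # Hardened form: the statement text is fixed and the input is bound
    # as a value, so it is only ever compared against the category column.
    sql = "SELECT name FROM products WHERE restricted = 0 AND category = ?"
    return [row[0] for row in db.execute(sql, (category,))]

if __name__ == "__main__":
    db = build_catalog()
    hostile = "gas range' OR '1'='1"  # constructed hostile search term
    # Concatenated: the OR clause is parsed as SQL and the filter is bypassed.
    print(search_concatenated(db, hostile))
    # Parameterized: the whole string is treated as a category name.
    print(search_parameterized(db, hostile))
    print(search_parameterized(db, "gas range"))
```

With the bound parameter the hostile string is matched literally against the category column, so it finds no rows, while the ordinary search term still returns the two ranges.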

Finally, assuming a hacker gets into IIS, gets into the AQ databases, and somehow inserts malicious code, we would then employ our multiple backups. If databases were compromised, we would merely delete the hostage files and rebuild from the backup. The downtime would be measured in hours, at the most.

So again, while no system anywhere is 100 percent safe, our exposure to a ransomware attack is minimal.

If you have questions on our security, you can visit our security page.
