Did you know that when criminals encrypt files in a ransomware attack, they always have access to the information in those files? Do you know what you can do to protect your research data?
The Scenario: Ransomware attack
You have been working for years in the lab of a large institution conducting research on high-risk pathogens. In the lab, you naturally take all necessary precautions to prevent colleagues or yourself from getting sick from those pathogens and to make it impossible for malicious actors to obtain them. When you're not busy in the lab, you prepare experiments or process results on your computer. Occasionally, you need to call your IT department, but overall, the IT system works well. Until one morning, when you arrive to find your colleagues in chaos: criminals have successfully installed ransomware on the servers. All documents are encrypted, and computer screens display a message stating that you must pay to regain access to your files. You can't access anything and are unable to proceed with your work. Slowly, the severity of the situation begins to sink in: Are there recent backups? What will the criminals do with the data? Do they have access to the recent experiment data, especially those with dual-use concerns?
Risks and perspective for action
Many organizations are aware of the risks of ransomware, which can be introduced into systems via phishing emails or vulnerabilities in outdated software. Regularly creating backups and fostering awareness and knowledge among staff are crucial to reducing the likelihood of ransomware being installed on the IT system. However, if criminals manage to encrypt a file, it means they have already gained access to the file—and this constitutes a data breach. To prevent this, it’s important to take extra precautions when handling files containing sensitive information, such as data related to (potentially) dual-use research or dual-use research of concern. Through collaborative efforts, researchers, the BMA/BVF (Biosafety and Biosecurity Officers), IT departments, and security experts can establish procedures to add additional layers of protection to these files. This ensures that criminals cannot access the data, even during a ransomware attack or hack. Examples of additional measures could include segmenting computer networks and systems, storing sensitive information on separate servers, or keeping sensitive data entirely offline. It is also essential to continually raise awareness among colleagues about following these procedures. For more information, visit our website or contact the designated person within your organization.
Sharing Your Scenario
If you would like to discuss how to handle this scenario with the Biosecurity Office or if you have encountered a biosecurity scenario that you would like to share with colleagues in the field, please feel free to contact us. The Biosecurity Office can be reached at biosecurity@rivm.nl.