Understanding Ransomware Can Protect You and Your Data
In May 2017, the computing world endured one of the single largest hacks in history.
The WannaCry ransomware wreaked havoc on systems across the globe. China, Russia, the United Kingdom, and even the US - few countries were spared.
Some reports indicated the impact from WannaCry reached over 400,000 computers in 150 countries.
While the attack carried with it an oddly amusing name, the situation was anything but funny. Not just home computers, but banks, hospitals, and telecom companies were all impacted by the malicious software
So, what exactly was the WannaCry ransomware attack?
Well, it was a hostage situation demanding a ransom.
What hostage was held for ransom?
Data.
What is Ransomware?
Kidnapping and ransom demands have long been part of the criminal toolbox.
In fact, the practice of extorting money to guarantee the release of a prisoner dates back to the times of Julius Caesar, whom himself was taken and released only after procuring a monetary payment.
However, as far as physical criminal enterprises go, this type of nefarious activity is rare. Only the most ambitious lawbreakers attempt this type of act, and the failure rate is incredibly high.
The digital age, however, changes that, and cyber criminals are taking advantage of our newfound reliance on data.
In addition to the 400,000 systems targeted by WannaCry, the following major ransomware attacks have all occurred in the past five years:
- BadRabbit
- CryptoLocker
- CryptoWall
- Fusob
- HDDCryptor
- Locky
- NotPetya
- Petya
- Reveton
- SamSam
- SimpleLocker
- TeslaCrypt
- TorrentLocker
Again, those are just the major attacks. There is countless other small-scale ransomware floating around networks across the globe.
Ransomware is a form of malicious software - or malware - and once it’s on your computer, it wreaks havoc with your applications or files. The primary form this attack uses is restricting you from accessing your data by encrypting it.
You can imagine the panic it creates with an individual locked out of their personal information. Consider when the attack is on a larger scale, like the WannaCry attack, and its crippling impact on vital data collection points in a hospital or bank.
For a user to regain access, the attacker provides instructions for paying the ransom in return for the decryption key. Payment demands typically range between a few hundred to several thousand dollars depending on the person or organization subject to the attack and the type of data targeted.
As far as the ransom payment, it commonly occurs through a crypto- currency, in most cases Bitcoin, which allows the transaction - and the perpetrator - to remain anonymous. Bitcoin was the currency of choice for the WannaCry attack.
Ransomware isn’t new though.
No stranger to the digital world, the origins of ransomware attacks trace back to the earliest days of computing. Though, back then, the intrusions were less effective due to the absence of outlets to anonymously collect on the ransom.
This rise of the crypto- currencies mentioned above makes ransomware attacks more frequent. More than that though is the increase in just how valuable our data has become.
Ransomware Today
So, those are the principles behind ransomware, but how does it really work?
While there are several ways to infect systems with ransomware, the most common is through phishing scams.
Often appearing in emails that seem legitimate, a user will download what they believe a trustworthy attachment. Once opened, malware contained in the file takes over the victim’s computer.
There are common methods in how this takeover occurs.
One involves the ransomware tricking the victim into granting admin access. Similar to how you might receive a spam phone call from a number that closely resembles others you know, the malware requests you enter a username and password in a popup or other means that appears mundane and routine.
The second method is a more direct takeover of the computing system, where weaknesses in security are exploited to gain access to applications and files.
In either scenario, once the malware takes hold, it will encrypt a user’s data, effectively locking them out of their own computer and all its saved files. From there, the user gets a message informing them of their predicament, demanding payment, and what to do to gain back access to their data.
Attacks may take other forms too.
Some cyber criminals threaten victims with the release of their data unless a payment is made to keep it from public view. In this instance, the attacker knows specifics about their target or has the means to access such data directly.
Are You a Target for Ransomware?
The honest answer is both yes and no.
Cyber criminals that propagate ransomware, often pick targets they believe will pay up. Think hospitals or agencies possessing data that requires immediate access.
In other cases, it could be organizations primed to pay a ransom to keep news of an attack out of the press. These are businesses with uniquely sensitive information, if word of an attack was made public, could potentially ruin them.
On an individual level, the targeting is more hit or miss. You might work for a company that could find itself in the cross hairs of a ransomware attack without you being specifically targeted.
Conversely, you could be an arbitrary target.
Remember ransomware often shows itself first as a trustworthy email or file download. You may not have been the intended mark, but if the malware shows up in your inbox and you open it, you’re a victim all the same.
Keeping Your Data Safe
If you want your digital information to remain safe, there are a few critical steps to take to keep attacks at bay.
First, never click on an email or download a file from a source you don’t trust. Don’t automatically allow access or perform an operation on your computer unless you’re certain about what you’re doing.
If a file seems suspicious or if you’re ever in doubt about a popup, perform a Google search. There’s plenty of information available to help you discern between what’s legitimate and what’s not.
Next, maintain your computer’s software. Although it may seem like software updates are never- ending, the majority of OS updates always include new security patches.
Regardless of the system you use, cyber criminals are always in search of new ways to exploit it. Thus, software companies have to stay one step ahead. Failure to make timely updates leaves you vulnerable to an attack.
Finally, adding antivirus software is always a good idea as it will help identify attacks before they happen. Similar to your operating system, make sure your antivirus package is kept up to date to avoid holes in your security.
What About Backing Up Data?
Data back-ups don’t prevent attacks from happening. However, they do make recovering from an attack less of a headache.
Backing up your data as often as possible means you always have access to a recent version of your files. So, even if you do fall victim to ransomware, you won’t be completely compromised.
Of course, all of the above are best practices you’ve heard before, but there’s a reason for that - they work - and not just against ransomware. It will help keep your systems protected against all manner of hacks.
Can Ransomware be Removed?
Yes, it can, but it won’t address the central issue of your encrypted files. Once ransomware does its thing, it is, unfortunately, a done deal. To de-crypt your files, a decryption key is necessary.
That raises the question of whether you should pay the ransom.
It’s a slippery slope.
Though it may seem a good idea initially, and the quick, knee-jerk reaction is to pay up and move past the attack, there are no guarantees when it comes to dealing with cyber criminals.
There’s no guarantee you’ll get your access back once you pay the ransom.
There’s no guarantee they won’t target you again (after all, a willingness to pay once indicates you might be an easy mark).
There’s no guarantee your data won’t be damaged in some other way once you do get access back.
You have to ask yourself if you’re willing to take the above risks in exchange for not having to go through the process of re-populating your most sensitive information or accepting information you failed to back up as lost.
Final Thoughts
Nobody wants to be a victim of any crime, especially the direct intrusion that comes with someone blocking you from your own files. As we live more of our life digitally, we are targets simply by being online.
Which means it’s vital to not only take steps to protect yourself, but also know what scams are out there and take action to avoid being a victim.
Know how you and your system and network may be vulnerable.
Shore up any holes in your security.
Make OS and antivirus updates when necessary.
Keep your data backed up regularly.
The good news is while large-scale attacks like WannaCry grab a lot of attention, some reports are showing ransomware overall is on the decline.
The threat, however, is far from gone.
Remain diligent and keep your data safe and secure, and you’ll avoid being the next victim of ransomware.
Resources:
- https://www.vice.com/en/article/evvn8k/malwaretech-marcus-hutchins-not-guilty-plea
- https://www.bbc.com/news/technology-40416611
- https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack
- https://thehackernews.com/2017/06/petya-ransomware-attack.html
- https://www.forbes.com/sites/thomasbrewster/2017/06/27/ransomware-spreads-rapidly-hitting-power-companies-banks-airlines-metro/#f332bf77abd6
- https://www.nytimes.com/interactive/2017/05/12/world/europe/wannacry-ransomware-map.html
- https://securelist..com/bad-rabbit-ransomware/82851/
- https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks
- https://www.vice.com/en/article/yw3w47/this-ransomware-demands-nudes-instead-of-bitcoin
- https://www.bbc.com/news/technology-41740768
- https://www.cnet.com/news/privacy/wannacry-wannacrypt-uiwix-ransomware-everything-you-need-to-know/
- https://www.forbes.com/sites/thomasbrewster/2017/05/12/nsa-exploit-used-by-wannacry-ransomware-in-global-explosion/#168683dae599
- https://thehackernews.com/2017/10/bad-rabbit-ransomware-attack.html
- https://www.troyhunt.com/everything-you-need-to-know-about-the-wannacrypt-ransomware/
- https://thehackernews.com/2017/05/wannacry-ransomware-unlock.html
- https://www.vice.com/en/article/qv4gx5/a-ransomware-outbreak-is-infecting-computers-across-the-world-right-now