Ransomware is a type of malware typically distributed via phishing emails with malicious attachments or through links to webpages hosting the malware, which will be installed if the user clicks through to the page. It may also be distributed onto a computer through an existing security flaw in unpatched software.
Ransomware was seen as early as 2005 in Russia and has appeared in various guises ever since. Fear-based tactics have been part of ransomware from the start and remain in use today: the victim is pressured to pay a ransom or lose their files, and attackers sometimes impersonate law enforcement agencies to increase the victim's sense of urgency.
The evolution of cryptocurrency caused ransomware to really take off. Previous payment methods could expose the attacker, but cryptocurrencies are truly anonymous. Modern ransomware will typically request payment in Bitcoin or another digital currency.
There are two major types of ransomware commonly seen today: crypto ransomware, which encrypts files and data on the infected device, and locker ransomware, which locks the user out of the whole computer. Locker ransomware is much easier to circumvent, because if you manage to remove the malware you restore access and the files are untouched. As such, crypto ransomware is more commonly used by attackers: even if the malware is removed from the computer, the files and data will remain inaccessible until the encryption key is obtained.
The cost of ransomware to users and businesses can be huge. The CryptoLocker ransomware, seen from September to December 2013, infected more than 250,000 computers and earned more than $3 million for its creators. Fast forward to 2017 and the WannaCry ransomware hit the world. It is estimated to have cost the NHS alone £92 million and globally as much as $4 billion USD, across victims in 150 countries which suffered attacks in one day. With this considered, it’s easy to see that the impact of ransomware on victims is potentially catastrophic. Beyond the cost of the ransom itself, there is also a financial impact to a business if critical data is lost and operations are shut down.
The WannaCry ransomware was able to infect computers through a known weakness in the Windows operating system. A fix had been created by Microsoft months before WannaCry was released, and infected computers could have been protected just by timely patching. Ransomware can be spread in a variety of ways. It may trick victims into downloading an infected file by posing as a legitimate file or program. An infected site might install a file as a ‘drive by’, meaning that simply by visiting the site, the software can be installed on the victim’s computer without them ever knowing. Or the ransomware itself can be a worm, able to self-propagate across the internet.
So, how do we protect ourselves from ransomware?
• Having an up-to-date backup is critical. Backups should be stored securely with access limited to key staff. Test your backups before you need them to make sure they will work!
• Keep your software up to date. Operating system updates or software updates will often include critical security patches which only protect you if they’ve been applied.
• Use a reputable antivirus program on all computers. As malware changes and evolves, your antivirus software can only protect you if it has been updated to the latest version.
• Do not continue to use any hardware or software which is no longer receiving updates or vendor support.
• Be wary of unexpected email file attachments. Be especially wary of any file which requires you to run macros to open it.
• Practice the rules of least privilege and good security hygiene on business networks and systems. If users leave, disable their accounts and access. Limit use of USB drives or removable media. Ensure only administrators can install new software onto devices.
• Train all staff to spot phishing and malware, and to know how to report it when they do.
• Keep abreast of current scams, for example through Action Fraud Alerts.
One thing we can be sure of is that cyber attackers are not going away. Cyber-attacks are a lucrative business for the attackers, so we need to be prepared to protect our data to protect our wallets.
Your FSB membership includes free access to our Cyber Helpline. If you have any questions on this or any other cyber topic please give us a call for expert advice. Our advice line can also do a free cyber health check for you.