We’ve all heard the stories about the 200,000+ systems in 150 countries getting hacked last week. The attacks hit computers running factories, hospitals, banks, government agencies, and transport systems in countries including Russia, United States, Ukraine, Brazil, Spain, India and Japan, among others. Among those hit were Russia’s Interior Ministry, Spain’s Telefonica, FedEx Corp. in the U.S., and about 45 National Health Service organizations in the U.K.
The culprit is malware called WannaCry, which seems to have spread as a type of malware known as a worm. Unlike many other malicious programs, this one can move around a network by itself. Most others rely on humans to spread, tricking them into clicking on an attachment harboring the attack code.
Once a company’s data is encrypted, a message appears demanding a fee of hundreds of dollars. If the ransom is paid in time, the information may be restored. “At the heart of this new business model for cybercrime is the fact that individuals and businesses, not retailers and banks, are the ones footing the bill for data breaches,” Josephine Wolff noted in The Atlantic.
As the worst cyber-attack in recent history, why has WannaCry proven so vicious? It leverages a Windows vulnerability known as EternalBlue that allegedly originated with the NSA. The exploit was dumped into the wild last month in a trove of alleged NSA tools by the Shadow Brokers hacking group. Microsoft released a patch in March, but many organizations haven’t caught up.
“The spread is immense,” says Adam Kujawa, the director of malware intelligence at Malwarebytes, which discovered the original version of WannaCry. “I’ve never seen anything before like this. It’s nuts.”
One cyber security firm estimates that extortive attacks cost small and medium companies $75 billion in expenses and lost productivity each year.
(WannaCry) Ransomware Prevention
Multiple things go wrong when infected with malware, yet it isn’t the ransom that is the expensive part of being infected. The downtime and lost productivity increase with each passing day. Prevention of infection is the best possible way to avoid downtime. However, there is no single defense solution currently on the market that can 100% guarantee ransomware prevention. Instead, step up your data protection game to increase your front line of defense. If that still doesn’t work, Flashback Data has had limited success in recovering data on infected drives.
- Install reputable anti-virus and firewall technology, and update both OS & software consistently.
- Proceed with caution when opening emails; do not click links or open email attachments you aren’t expecting; verify the source of the link or attachment first.
- Ensure that ALL employees are trained on these email best practices – phishing scams are the #1 cause of ransomware’s success today.
- Despite popular belief, the Cloud is NOT immune to Ransomware, particularly within popular SaaS applications like Dropbox, Office 365 and Google Apps.
Like many of the leading ransomware strains today, the code is constantly being adapted to avoid detection by the leading solutions of defense available. More than 91% of IT service providers reported ransomware infiltrating anti-virus and anti-malware software in the past 12 months and 77% report it infiltrating email and SPAM filters. The social engineering tactics cyber criminals employ to dupe their victims continue to be highly effective, and will remain so for the next few years, likely due to an increase in phishing emails/SPAM, general awareness of best practices against phishing, and the lack of cybersecurity training.
- Don’t negotiate with e-terrorists. 42% report customers paid the ransom, 1 in 4 of whom did so and never recovered the data. This is largely why the FBI recommends victims do not pay up. But if you decide to risk paying the ransom you should know that cyber criminals will likely require you to pay using Bitcoin or another virtual currency over the Tor network, which is software designed to make web browsing anonymous and untrackable.
- Identify Time of Infection – Pinpoint the timing of a ransomware hit by reviewing the timestamps of changed file versions within a user’s backup archive.
- Protect ALL users and applications – Provide better support by closing gaps in data visibility and protection, and capture every end-user file, regardless of OS platform. Educate people to NOT click links unless they can verify the source.
- Contact Flashback Data BEFORE too much damage has been done to the device, thus increasing chances of a successful recovery. We have had success recovering data without paying ransom.
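For the "Identify Time of Infection" step above, here is one way to find the moment of a ransomware hit from backup version timestamps. This is an added example, not code from the original article; the manifest format, function names, and thresholds are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample: (file path, timestamp of a new version in the backup archive).
# The CSV layout is an assumption; real backup tools export version history differently.
SAMPLE_VERSIONS = """\
docs/budget.xlsx,2017-05-10T09:14:02
docs/notes.txt,2017-05-11T16:40:55
docs/budget.xlsx,2017-05-12T08:01:10
docs/budget.xlsx,2017-05-12T14:22:31
docs/notes.txt,2017-05-12T14:22:33
photos/team.jpg,2017-05-12T14:22:40
docs/plan.docx,2017-05-12T14:23:05
photos/site.png,2017-05-12T14:23:18
docs/contract.pdf,2017-05-12T14:24:02
"""

def parse_versions(text):
    """Return a time-sorted list of (timestamp, path) from the manifest text."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        path, stamp = line.rsplit(",", 1)
        rows.append((datetime.fromisoformat(stamp.strip()), path.strip()))
    return sorted(rows)

def estimate_infection_time(rows, window=timedelta(minutes=5), min_files=5):
    """Return (start_time, files) for the earliest burst in which at least
    min_files distinct files got a new version within `window`, else None."""
    for i, (start, _) in enumerate(rows):
        files = []
        for stamp, path in rows[i:]:
            if stamp - start > window:
                break
            if path not in files:
                files.append(path)
        if len(files) >= min_files:
            return start, files
    return None

def last_clean_versions(rows, infection_time):
    """Map each file to its newest version timestamp strictly before the burst."""
    clean = {}
    for stamp, path in rows:
        if stamp < infection_time:
            clean[path] = stamp  # rows are sorted, so later stamps overwrite earlier
    return clean
```

Files that first appear inside the burst have no entry in the result of `last_clean_versions`, which flags them as having no pre-infection copy in the archive.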