Why it pays to prevent Ransomware attacks.

Given a chance, Ransomware will ruin your whole week…so don’t give it even half a chance. Let’s dive into what we mean by Ransomware, and how you can stay aware and secure online.

Ransomware is a malicious piece of software that uses encryption to deny access to the files on your computer. It’s like burglars breaking into your home, putting a combination lock on your front door, and only providing the code if you pay them an exorbitant fee.

Ransomware hackers offer to restore access to your computer with an unlock key, in exchange for a ransom payment. It’s a simple enough premise, using some very sophisticated tech under the hood.

We’re writing about this because there has been, and will continue to be, an increase in Ransomware attacks worldwide.

Be informed and understand how you can protect yourself.

Unfortunately, a reboot won’t save you once infected.

You’ll often hear the term Ransomware thrown about alongside words like, ‘virus’, ‘trojan’, ‘backdoor’, ‘exploit’, ‘worm’, ‘nation-state actor’ or ‘non-state actor’, and ‘killswitch’.

That’s because, while the basic Ransomware mechanism is fairly well understood, the means of how hackers create an ‘infection’, or the initial hack, changes from instance to instance. You might be protected from one type, but not against others.

Ransomware is likely to be delivered via an email attachment you may have opened, but it can also spread from another computer already infected on your network.  It might even be through a method that doesn’t require an interaction from you at all.

You shouldn’t have opened that email attachment.

Defending against Ransomware is a hot topic these days. It has gained traction beyond the circle of IT professionals and security researchers, with the general public and business owners tuning in following a series of high profile attacks widely covered in the media.

The most famous of these to date is WannaCry, which took significant parts of the United Kingdom’s National Health Service IT infrastructure down, while simultaneously disrupting channels in Ukraine.

WannaCry took advantage of a security vulnerability in Microsoft Windows, believed to have been developed by the United States National Security Agency, and later leaked online by a hacking group called The Shadow Brokers.  Confirming the widespread severity of the incident, Microsoft took the unprecedented step of releasing security patches for Windows XP—long out of the consumer support period—citing the elevated risk posed by legacy systems.

You might be thinking: why the increase in hacks? Increases in Ransomware attacks have been incentivised by the development of crypto-currencies like Bitcoin and Ethereum, which allow users to send and receive money anonymously.

Bitcoin has reached a critical enough mass of mum-and-dad type investors to intersect with those willing to pay hackers to recover their files. Its digitised anonymity makes it profitable at a lower risk to hackers when compared to other forms of cyber-crime.

Another characteristic of these crypto-currencies is the notion of public wallets. Let’s think about a bank robbery for a moment. Successful bank robbers make off with bags of cash, and bystanders have no idea how much money was actually stolen. Public wallets are different. Bitcoin has public wallets where people can watch, as spectators, to see how much cash is being paid to cybercriminals in real time. Crazy, huh?

Approximately 52.19666422 BTC (or USD$142,361.51 at the time) across 345 individual Bitcoin payments was deposited into the public wallets associated with the WannaCry Ransomware hackers.  It only took six withdrawals to carry out the transaction, while it was watched in real-time on Twitter.

The success of Ransomware schemes, such as CryptoLocker, WannaCry, Petya, NotPetya, and others, means it is only a matter of time for new copycat threats to emerge and spread globally.  It’s also a reminder to secure your systems as soon as possible, and understand what you should do if your computer becomes infected.

So, what should I do?

First of all, these exploits all share a common call to action: pay up, or never see your files again.  As tempting as it may seem to pay the ransom for your unlock key and be done with it, it’s never that simple.

It is true that an unlock key is usually required to retrieve your files. However, sometimes security researchers get lucky and discover mechanisms to generate it, or find other workarounds and release their findings online.  Additionally, hackers often fail to deliver the key after payment, and Internet Service Providers can shut down their associated email accounts—meaning that payment can be an incomplete solution.

There is also growing speculation that Ransomware is being used as a type of smoke-screen or scapegoat for nation-state sponsored cyber espionage and disruption.  Nation-state sponsored cyber espionage is where a legitimate government sponsors hacking efforts in an attempt to seize control or create mayhem in another country. Warfare but online. For example, the NotPetya variant of Ransomware could never unlock your files, whether the ransom has been paid or not.

The good news is that security firms, businesses and governments around the world haven’t been idle in responding.  The Australian Signals Directorate (ASD) continues to release mitigation strategies to help people secure their infrastructure.

An excellent starting point is the Essential Eight, provided by the ASD to help prioritise mitigation efforts against the most common cyber threats, including Ransomware. The Essential Eight is a model of eight actions people can take to make themselves safer online.

They are:

• Application whitelisting
• Patching applications
• Restricting Microsoft Office Macros
• User Application Hardening
• Restricting administrative privileges
• Patching operating systems
• Multi-factor authentication
• Daily backups

The bulk of the work in applying the Essential Eight is keeping applications and operating systems up to date, with sensible default settings.  Turning on the auto-update settings in your configuration will see you greatly on the way to better security.  Notably absent from that list, which we found interesting, was implementing anti-virus software. This type of software did little to halt the spread of Ransomware this year.

For the full run through, we recommend you dive into the documents we’ve linked above for some easily actionable steps that can help decrease your risk of infection.  WannaCry was as successful as it was due to the use of a Windows exploit Microsoft had released security patches for months prior. In other words, it was like having a weakened immune system and not taking your multivitamin to get yourself back to fighting fit. The system was exposed, it was vulnerable.

With further reports of Ransomware targeting other platforms such as mobile devices, Apple products, and now WordPress websites, consider that this will be the tech landscape for years to come, and prepare yourself accordingly.

And since we mentioned the UK’s National Health Service, if we can draw on an oft-quoted health proverb, “Prevention is better than the cure!”.