May 19

Ransomware isn’t new, but it’s been all over the news recently. Just last weekend, hackers launched a massive cyberattack that crippled hundreds of thousands of computers around the globe. Known as WannaCrypt—also called WannaCry or Wanna Decryptor—it is a particularly damaging kind of malware known as ransomware.

As its name suggests, WannaCry does indeed devastate users by compromising almost all of their digital assets, especially personal and sensitive information. The damage done by ransomware may start out digital, but its impact is much more sweeping, because this data “unlocks” nearly every facet of daily life: passwords, email accounts, work documents, bank accounts, financial data, personal photos. All of it, gone nearly instantly.

You’ll recall from an earlier blog:

What is ransomware?
Ransomware is a type of malware (malicious software) that, once installed, locks and encrypts a user’s files until that user pays a ransom to recover and decrypt them. The ransom is usually demanded in the digital currency bitcoin. Attackers favor bitcoin because payments are easy to receive and pseudonymous: every transaction is recorded on a public ledger, but none is tied to a real-world identity, which makes them hard to attribute (not, as is often claimed, untraceable).

Ransomware ranges in severity, from malware that only targets a select group or folder of files to programs that encrypt entire hard drives, rendering the computer inoperable.

Unfortunately, WannaCrypt sits at the severe end of that spectrum. Its target list runs to roughly 176 file extensions, covering nearly every kind of document, image, archive, database and backup file a user is likely to have on a computer. (The original post linked to the full list of at-risk extensions.)

Infecting approximately 200,000 computers in 150 countries, WannaCrypt most heavily impacted the UK’s hospital system. Fortunately, the attack did not cause as much devastation as anticipated, thanks to the accidental efforts of Marcus Hutchins, a 22-year-old independent cybersecurity researcher who operates and writes the MalwareTech blog. Hutchins has since recounted the incident on his blog, in an article titled: “How to Accidentally Stop a Global Cyber Attacks”. From tracking threats on the UK cyber threats sharing platform, Hutchins noticed a spike in attacks primarily impacting the NHS (National Health Service). He explains:

Now one thing that’s important to note is the actual registration of the domain was not on a whim. My job is to look for ways we can track and potentially stop botnets (and other kinds of malware), so I’m always on the lookout to pick up unregistered malware control server (C2) domains. In fact, I registered several thousand such domains in the past year.

Hutchins registered the domain in order to sinkhole it: with the domain pointing at a server he controlled, every infected machine that looked it up would reveal itself, giving him a way to track how the malware was spreading. What nobody knew at the time was that the domain was also a kill switch. Before encrypting anything, WannaCry checked whether that hard-coded domain answered; an unreachable domain meant “proceed” and a live one meant “quit”. The moment the domain resolved, new infections stopped short of encrypting, and that is how the spread was halted. Machines that had already been encrypted were not helped, and the biggest concern now is that the reprieve may be temporary: a copy with the domain changed or the check removed would not be stopped by it. Cybersecurity experts are therefore advising extreme caution, because the attack is probably not over and its full scope has not yet been realized.
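To make the mechanism concrete, here is a small Python model written for this post (it is not code from the malware or from MalwareTech). It shows the two halves of the story: the pre-encryption check the malware ran against its hard-coded domain, and the DNS-log search a defender can run to find hosts that executed the malware once the domain is known. The domain string is a placeholder (the real one is quoted in Hutchins’ write-up) and the log lines are constructed.

```python
"""Model of WannaCry's domain kill switch and a DNS-log hunt for it.

Illustrative code written for this post, not the malware's code or
MalwareTech's. KILL_SWITCH_DOMAIN is a placeholder for the real hard-coded
domain, and SAMPLE_DNS_LOG is constructed.
"""
import re
from typing import Callable, Dict, Iterable, List

# Placeholder (assumption): stands in for the hard-coded domain. The real
# string appears in Hutchins' write-up and is deliberately not reproduced.
KILL_SWITCH_DOMAIN = "kill-switch-domain.example"


def decide_action(domain: str, fetch: Callable[[str], bool]) -> str:
    """Model the check WannaCry ran before encrypting or spreading.

    The sample issued an HTTP request to the hard-coded domain. A successful
    response meant "stop": the malware exited without encrypting. A failed
    request meant "go". Registering the domain flipped the result for every
    host that could actually reach it.

    `fetch` is injected so this runs offline. It returns True when the request
    would succeed and False when it would fail (domain unregistered, or no
    direct internet access, e.g. behind a web proxy the malware ignored).
    """
    try:
        reachable = fetch(domain)
    except OSError:
        reachable = False  # resolution/connection errors count as "unreachable"
    return "exit" if reachable else "encrypt_and_spread"


# Constructed resolver query log: "<timestamp> <client> query <type> <name>".
SAMPLE_DNS_LOG = """\
2017-05-12T14:02:11Z 10.0.4.17 query A kill-switch-domain.example.
2017-05-12T14:02:11Z 10.0.4.17 query A www.example.org.
2017-05-12T14:02:13Z 10.0.4.23 query A KILL-SWITCH-DOMAIN.EXAMPLE
2017-05-12T14:02:14Z 10.0.4.23 query AAAA kill-switch-domain.example.
this line is malformed and must be skipped rather than crash the parser
2017-05-12T14:02:20Z 10.0.9.2 query A mail.example.net.
"""

LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\d{1,3}(?:\.\d{1,3}){3})\s+query\s+"
    r"(?P<qtype>\S+)\s+(?P<name>\S+)\s*$"
)


def hosts_querying(lines: Iterable[str],
                   domain: str = KILL_SWITCH_DOMAIN) -> Dict[str, List[str]]:
    """Return {client_ip: [timestamps]} for every lookup of `domain`.

    Names are normalised (lower-cased, trailing dot stripped) because resolver
    logs differ in both. A hit means the host ran the malware far enough to
    reach the check; it does not tell you whether the check succeeded.
    """
    hits: Dict[str, List[str]] = {}
    want = domain.lower().rstrip(".")
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparseable line: skip, never abort a hunt on bad input
        if m.group("name").lower().rstrip(".") == want:
            hits.setdefault(m.group("client"), []).append(m.group("ts"))
    return hits


if __name__ == "__main__":
    print("domain live:", decide_action(KILL_SWITCH_DOMAIN, lambda d: True))
    print("domain dead:", decide_action(KILL_SWITCH_DOMAIN, lambda d: False))
    for client, times in hosts_querying(SAMPLE_DNS_LOG.splitlines()).items():
        print(client, times)
```

Two caveats the model makes visible: the kill switch only protected hosts that could reach the domain directly (WannaCry’s request ignored system proxy settings, so on networks where web access goes only through a proxy the check failed and the sample encrypted anyway), and a host that shows up in the DNS search has already executed the malware; it was merely stopped before doing damage, and still needs to be patched and cleaned.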

According to Mirror UK:

The malware is delivered as a Trojan through a loaded hyperlink that can be accidentally opened by a victim through an email, advert on a webpage or a Dropbox link. Once it has been activated, the program spreads through the computer and locks all the files with the same encryption used for instant messages.

Delivering an attack through a hyperlink in an email is phishing. Phishing attacks work when they catch users off guard, typically with an email that appears to come from a trusted source and carries a link that looks harmless but is malicious. Most phishing is speculative rather than targeted: a “shot in the dark” not aimed at any one person, group or business, but one that causes a lot of damage whenever an unsuspecting user takes the bait. Phishing alone does not explain WannaCry’s speed, however. Once on a network, the malware also behaved as a worm: it scanned for other Windows machines exposing the SMBv1 file-sharing service and broke into them through a vulnerability that Microsoft had patched in March 2017 (security bulletin MS17-010), with no link-clicking or any other user action required. That is why a single infected machine could take down an entire organization, and why unpatched computers were hit regardless of how careful their users were.

Once WannaCry is running, it encrypts the user’s files and presents a ransom note (a pop-up, with a copy dropped as a .txt file) demanding about $300 in bitcoin, warning that the price will rise after three days and that the files will be deleted after seven. Paying was no guarantee of getting anything back: the attackers had no reliable way of linking a particular bitcoin payment to a particular victim’s machine, so there was no assurance that anyone who paid would ever receive a working decryption key. Money gone, files gone.

You may be wondering: how can I protect myself?

Aside from general awareness, following safe internet practices, and learning how to recognize cyber threats (especially phishing), Fortune contributor Shaun Murphy suggests a number of additional preventive measures:

  1. Using a secure connection, denoted by HTTPS. The tacked-on “S” signifies that communication between the browser and the website is encrypted and that the site’s identity is backed by a certificate.
  2. Utilizing encryption. Encryption is not a tool used only by the bad guys: you can install encryption software to password-protect your important drives, folders, and files, so that an attacker who steals them cannot read your sensitive information. (It does not stop ransomware from encrypting your already-encrypted files a second time; the defense against that is backups.)
  3. Using a VPN (virtual private network). This is common practice when connected to public WiFi or when accessing company drives while working remotely.
  4. Avoiding excessive app permissions or letting apps track your location. This is especially relevant on smartphones and tablets, which receive and transmit all kinds of data while in public spaces.
  5. Embracing multi-factor authentication (MFA). Essentially, this adds a second proof of identity alongside a password, such as a fingerprint, a time-limited code from an authenticator app, or a hardware token. (Extra security questions do not count: they are another “something you know”, the same factor as the password.)

Against WannaCry specifically, the measures that mattered most are not on that list: install the March 2017 Windows security update (MS17-010), disable the SMBv1 file-sharing protocol where it is not needed, and keep backups offline or otherwise out of the malware’s reach, so that an infection costs hours of restoration rather than everything.

The Pew Research Center has found that the biggest threat is ignorance, having “recently quizzed over 1,000 American adults about cybersecurity issues.” Their study found that, “Only 1% of those surveyed understood every issue and answered each question correctly. Less than half of the people given the quiz were able to answer even six of the 13 questions correctly.”

For now, the best protection is awareness.

Category: helpful hints, data loss prevention
