What Is Ransomware, And How Can It Crush Your Enterprise?
The term ransomware has been around for decades, but most daily computer and Internet users are blissfully unaware of the term or its consequences. A global ransomware heist that impacted entire state hospital systems, international businesses, and countries as a whole on Friday, May 12 put the illegal activity in the spotlight, hopefully creating a higher level of awareness for the general public – and companies who may have felt they were immune from such attacks.
Ransomware is modern-day technology kidnapping. A virus infiltrates a computer, locks down its data, and won’t release it until a ransom is paid – whatever that may be. On May 12, that technique was unleashed through “WannaCry,” a virus delivered via a link. Once the user opened the link, the malware encrypted that computer’s data and held it for ransom.
The virus was able to spread through large networks without user interaction thanks to a vulnerability in the Microsoft Windows operating system. Microsoft released a patch for the vulnerability, but the fix is only as useful as the user makes it – meaning it needs to be installed and run on each device.
This is where enterprises large and small are impacted, as FedEx, Telefonica, and the UK's National Health Service were on Friday: a single user opening the link or attachment is enough for the bug to infiltrate the system as a whole if that system is vulnerable.
Once it had encrypted the files, WannaCry displayed this message to its victim:
Oops, your files have been encrypted!
What happened to my computer?
Your important files are encrypted.
Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.
Can I Recover My Files?
Sure. We guaranteed that you can recover all your files safely and easily. (But you have not so enough time.)
You can try to decrypt some of your files for free. Try now by clicking <Decrypt>.
If you want to decrypt all your files, you need to pay.
You only have 3 days to submit the payment. After that the price will be doubled. Also, if you don’t pay in 7 days, you won’t be able to recover your files forever.
The instructions went on to explain the payment method, which was the cryptocurrency Bitcoin, in amounts between $300 and $600 per device.
So, how can employees in your enterprise protect their individual devices from falling prey to ransomware attacks? Here’s a checklist everyone should be aware of:
- Always keep security software up to date on devices
- Keep the OS and other software updated by installing patches, which are released to close known vulnerabilities
- The most common infection method is email. Do not blindly open email attachments or links, especially if they do not come from a trusted source
- Back up important data. If an employee’s device was hit by WannaCry, the encryption would have had a far less severe effect if a copy of that device’s data was stored elsewhere and easily accessible to the user
According to The Verge, within 48 hours of the virus spreading, it had reached more than 10,000 organizations and 200,000 individuals in more than 150 countries.
So how did this attack slow down? A single cybersecurity researcher, just 22 years old, who goes by the name MalwareTech, woke up Friday and went through his normal day-to-day routine, but noticed something was awry.
MalwareTech was actually off work Friday and on vacation. In a blog post published Saturday, titled “How to Accidentally Stop a Global Cyber Attack,” the unsuspecting hero says he woke up around 10 a.m. and checked into a UK cyber threat sharing platform, then headed to lunch with a friend. Around 2:30 p.m. he returned home, logged into the same platform, and said the thread was “flooded with posts about various NHS systems all across the country being hit, which tipped me of (sic) to the fact this was something big.”
The blog goes on to detail how MalwareTech found a previously unregistered domain name within the ransomware file and, by taking control of that domain, was able to “sinkhole” the malware. Read more about how the ransomware attack was slowed here.
While this threat was slowed within the first 24 hours, MalwareTech does believe a second version of the ransomware is on the horizon, and tweeted on Sunday:
Warning for Monday: If you turn on a system without the MS17-010 patch and TCP port 445 open, your system can be ransomwared.
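The tweet above names the two conditions that let WannaCry spread on its own: an unpatched host and TCP port 445 reachable. As an added example that is not part of the original article, the following Python checks a constructed sample of firewall log lines for two defender-relevant signs of that exposure: inbound SMB (port 445) from outside RFC 1918 address space, and a single internal host opening SMB to many distinct internal peers, the kind of no-user-interaction spread described earlier. The log format, the addresses and the fan-out threshold are assumptions made for this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample firewall log (not from the article): "timestamp src dst dport action".
SAMPLE_LOG = """\
2017-05-12T10:01:02 198.51.100.7 10.0.0.5 445 ALLOW
2017-05-12T10:01:05 10.0.0.5 10.0.0.6 445 ALLOW
2017-05-12T10:01:06 10.0.0.5 10.0.0.7 445 ALLOW
2017-05-12T10:01:06 10.0.0.5 10.0.0.8 445 ALLOW
2017-05-12T10:01:07 10.0.0.5 10.0.0.9 445 ALLOW
2017-05-12T10:01:08 10.0.0.5 10.0.0.10 445 ALLOW
2017-05-12T10:01:09 10.0.0.5 10.0.0.11 445 ALLOW
2017-05-12T10:02:00 10.0.0.20 10.0.0.50 443 ALLOW
2017-05-12T10:02:30 10.0.0.21 10.0.0.5 445 ALLOW
"""

SMB_PORT = 445
FANOUT_THRESHOLD = 5  # assumed: distinct internal SMB peers per source host before alerting

# RFC 1918 ranges, checked explicitly rather than via ipaddress.is_private,
# which also treats documentation ranges such as 198.51.100.0/24 as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def smb_events(log_text):
    """Yield (src, dst) for every allowed connection to TCP 445 in the log."""
    for line in log_text.splitlines():
        _ts, src, dst, dport, action = line.split()
        if int(dport) == SMB_PORT and action == "ALLOW":
            yield ipaddress.ip_address(src), ipaddress.ip_address(dst)

def external_smb_sources(log_text):
    """External addresses that reached an internal host on 445: SMB exposed to the Internet."""
    return sorted({str(s) for s, d in smb_events(log_text) if not is_internal(s) and is_internal(d)})

def smb_fanout(log_text, threshold=FANOUT_THRESHOLD):
    """Internal hosts that opened SMB to at least `threshold` distinct internal peers (worm-like spread)."""
    peers = defaultdict(set)
    for s, d in smb_events(log_text):
        if is_internal(s) and is_internal(d):
            peers[str(s)].add(str(d))
    return {host: len(p) for host, p in peers.items() if len(p) >= threshold}

if __name__ == "__main__":
    print("Internet-exposed SMB, external sources:", external_smb_sources(SAMPLE_LOG))
    print("Internal SMB fan-out above threshold:", smb_fanout(SAMPLE_LOG))
```

Either finding on a real log is a reason to verify the MS17-010 patch state of the hosts involved and to block 445 at the perimeter.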
The National Health Service, which provides healthcare for UK citizens, was among the first organizations hit: its computers were locked up and encrypted countrywide on Friday, forcing doctors’ appointments to be canceled or postponed and cancer treatments to be delayed, among other disruptions.