In terms of protecting their data, most people don’t anticipate the possibility of a ransomware attack. Some take measures to protect themselves from familiar culprits like viruses, Trojan horses, malware, spyware, and adware.
But beyond that, everyone needs to take precautions against ransomware: malicious software that’s capable of encrypting digital files and demanding a ransom in order to unlock them.
Ransomware attacks are on the rise
According to the FBI, ransomware that targets businesses, school districts, hospitals, and even law enforcement agencies has been increasingly active. The rise began in 2015 and it’s expected to continue unless companies, agencies, and individuals adopt suitable preventive measures.
By now, everyone knows you’re not supposed to click on email attachments from unfamiliar senders, but some files manage to appear legitimate and ransomware attacks are becoming highly sophisticated.
The FBI’s Cyber Division Assistant Director James Trainor comments, “these criminals have evolved over time and now bypass the need for an individual to click on a link. They do this by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers.”
Think twice before paying a ransom
James Trainor also clarifies why you shouldn’t pay a ransom if you find yourself victimized by a ransomware attack. He’s seen many instances in which businesses have paid the ransom fee but never received a decryption key.
Trainor makes an even more cogent point when he says that paying the ransom encourages criminals to continue targeting more victims, and increases the incentive for new criminals to join them.
The latest ransomware attack: WannaCry
Earlier this year, in May, hundreds of thousands of Windows computers were assaulted by a ransomware called “WannaCry,” and the victims included government agencies. Infected computers received a message that demanded $300 in return for unlocking access to files.
This attack hit hard. Hospitals in the UK reported having to shut down multiple wards and turn patients away. Some hospitals had to advise potential patients to seek medical help elsewhere.
AVG Avast security expert Jakub Kroustek tweeted that he had detected more than 36,000 instances of WannaCry ransomware, mostly in Russia, Ukraine, and Taiwan. Kaspersky, a Russian security firm, declared that it had detected in excess of 45,000 instances, in 74 countries, and the hardest hit were Russia and Spain.
Corporations in the US were affected considerably less, but big firms such as FedEx were among those who got hit. FedEx confirmed to Forbes, “Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware.”
WannaCry was not likely spread through email
A group of hackers that called themselves “ShadowBrokers” dumped a bunch of tools online which allegedly belonged to the NSA. One of them was a Microsoft Windows exploit called EternalBlue.
The ransomware was not spread by email, as many might have assumed. An independent malware researcher known as “Kafeine” investigated and confirmed the NSA EternalBlue exploit was being used somehow in the attacks.
Kafeine tweeted, “WannaCry/WanCrypt0r 2.0 is indeed triggering ET rule 2024218 ‘ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response.’” However, only a thorough investigation of packets, binary files, and content in the ShadowBrokers dump by several sources will confirm the details for certain.
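As an added illustration (not from the original article or from Kafeine), a sensor that writes alerts in Suricata's EVE JSON format can be triaged for the rule quoted above. The log lines, IP addresses and function names below are constructed for this example.

```python
import json

ETERNALBLUE_SID = 2024218  # ET rule id quoted in the tweet above

# Constructed sample in EVE JSON shape (one event per line); the last line is deliberately truncated.
SAMPLE_EVE = """\
{"timestamp":"2017-05-12T09:14:02+0000","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"192.0.2.77","alert":{"signature_id":2024218,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response"}}
{"timestamp":"2017-05-12T09:14:05+0000","event_type":"alert","src_ip":"192.0.2.11","dest_ip":"192.0.2.77","alert":{"signature_id":2024218,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response"}}
{"timestamp":"2017-05-12T09:14:09+0000","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"192.0.2.77","alert":{"signature_id":2024218,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response"}}
{"timestamp":"2017-05-12T09:15:00+0000","event_type":"alert","src_ip":"198.51.100.5","dest_ip":"192.0.2.10","alert":{"signature_id":9000001,"signature":"constructed unrelated alert"}}
{"timestamp":"2017-05-12T09:15:01+0000","event_type":"dns","src_ip":"192.0.2.10","dest_ip":"192.0.2.1"}
{"timestamp":"2017-05-12T09:15:02+0000","event_ty
"""

def eternalblue_alerts(lines, sid=ETERNALBLUE_SID):
    """Yield alert events carrying the given signature id; skip malformed lines."""
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank line or a write cut short, e.g. at log rotation
        if not isinstance(ev, dict) or ev.get("event_type") != "alert":
            continue
        if (ev.get("alert") or {}).get("signature_id") == sid:
            yield ev

def summarize(lines):
    """Group hits by (src_ip, dest_ip) with a count and first/last timestamps."""
    pairs = {}
    for ev in eternalblue_alerts(lines):
        key = (ev.get("src_ip"), ev.get("dest_ip"))
        ts = ev.get("timestamp", "")  # same format and zone, so string order is time order
        entry = pairs.setdefault(key, {"count": 0, "first": ts, "last": ts})
        entry["count"] += 1
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
    return pairs

def hosts_to_check(lines):
    """Every address on either side of a hit; each needs its MS17-010 patch status reviewed."""
    return sorted({ip for pair in summarize(lines) for ip in pair if ip})

if __name__ == "__main__":
    for (src, dst), info in summarize(SAMPLE_EVE.splitlines()).items():
        print(f"{src} <-> {dst}: {info['count']} hit(s), {info['first']} to {info['last']}")
    print("review:", ", ".join(hosts_to_check(SAMPLE_EVE.splitlines())))
```

Both endpoints of each hit are reported because which side is the affected host depends on the direction the rule matches.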
Antivirus software isn’t enough
If you think your computer is safe because you’ve got the latest anti-virus software, you’re mistaken. Anti-virus software isn’t enough to protect computers against ransomware attacks.
Ransomware infects targeted computers with programs that are more sophisticated than what anti-virus software is designed to detect and combat, even with heuristics. What makes it so insidious and effective is that ransomware runs operations a regular user would perform.
And your anti-virus software isn’t necessarily going to recognize the difference. Temasoft, a leader in ransomware security, states:
“Heuristics allow AV technologies to detect malware based on its behavior. This method involves machine learning via rules and statistical weights in sophisticated algorithms. However, this only works in time and only with proper training. Antivirus solutions do not have the technology to extract behavioral information relevant to ransomware because they cannot distinguish it from the regular users.”
WannaCry was stopped by accident
The WannaCry attack was stopped by a 22-year-old Kryptos Logic employee who activated the software’s “kill switch,” but that was long after some people had paid the $300 ransom. He registered a domain name he discovered in the malware, and foiled the attack strictly by chance.
The WannaCry criminals had set up the malware to make requests to the nonsensical domain name. When the request showed the domain was live, the kill switch was activated.
The Kryptos Logic hero commented, “The intent was to just monitor the spread and see if we could do anything about it later on. But we actually stopped the spread just by registering the domain.”
If you don’t have protection against ransomware, your computer files are not really safe. Don’t lose your business to cybercriminals. Take precautions now, before the next round of attacks.