On Friday, May 12, a massive ransomware attack spread across the globe, infecting computer systems in Russia, Western Europe, East Asia, and North America. British hospitals, a Spanish telecom company, FedEx in the United States, and Russian websites were hit, with the ransomware spreading to more countries Monday as workers started their computers.
Rampant ransomware attacks tend to occur on Fridays. Many local cybersecurity experts agree it’s because late on Fridays most companies, organizations, and people are more focused on weekend activities than monitoring cybersecurity on information technology systems.
The WanaCrypt ransomware strain that infected tens of thousands of Windows computers is a type of malicious software that infects a computer and blocks access to data until a ransom is paid, displaying a message demanding payment to unlock it at the risk of losing all files.
WanaCrypt, also referred to as WannaCry, spread quickly due to a file-sharing vulnerability in Windows. Despite a security patch from Microsoft in March 2017, many organizations running older, unsupported versions like Windows XP had been unable to apply the update because Microsoft no longer supplied security patches for its older versions.
A day after the strain hit thousands of older computer systems, Microsoft took the unusual step of issuing security updates to address flaws in unsupported versions, including Windows XP and Windows 8. Microsoft’s emergency security measures are detailed here.
“Ransomware can be anything from a minor nuisance to a major financial and productivity disruption to you, your family, and your associates,” said Jeff Reich, Information Systems Security Association Distinguished Fellow. “It’s not about how well the ransomware is written, it’s about what you do before and when it is presented to you.”
The Rivard Report asked local cybersecurity experts what individuals and companies can do to protect themselves against ransomware threats.
“Consumers have more power than they realize in the fight against cybercrime by taking proactive measures,” said Janie Gonzalez, CEO of Webhead, a company that provides cybersecurity support, digital analyses, and advisory services.
Preventing Ransomware Attacks
All cyber experts agree that preventive measures are the best way to avoid becoming a ransomware victim. Updating and patching your IT operating systems as recommended is a core principle of ongoing IT maintenance. The same approach should be used with updating anti-virus and anti-malware software and running scans regularly.
That also includes “installing software updates from mainstream vendors such as Adobe, Java, Microsoft, and Apple,” according to Gonzalez.
Avoid suspicious or unknown websites and don’t open email messages from unverified senders.
“Never click on a link in an email message unless you know it to be valid,” Reich said. “If you’re unsure, call the sender.”
“Don’t use open [or unencrypted] Wi-Fi, change passwords often, and use multiple strong passwords,” Gonzalez added.
Companies should also conduct annual cybersecurity awareness training, teach employees basic security principles, limit employee access to data, restrict authority for installing software, and verify security controls of third-party vendors.
For individuals and companies alike, having backup copies of important data offers an additional layer of protection in the event of a ransomware attack. All experts agreed on the importance of keeping offline backups of your data that is not always connected to the internet. Most ransomware variants can encrypt files on any attached drives or network files that are also accessible to the host machine, including cloud hosting and cloud-based backups if those passwords are stored on the machine.
“Even when using online storage services including Dropbox, OneDrive, and Google Drive, you still need a safe, second vaulted copy of any critical digital records,” said Bret Piatt, President and CEO of Jungle Disk, which specializes in business data security services such as online cloud backup, virus and malware defense, and VPN. “Both regularly backing up your data, and making sure the backups are stored in a separate and secure location are critical to protecting yourself or your business from ransomware attacks.”
Malware expert and creator of BleepingComputer.com Lawrence Abrams published this online primer, which goes into many of these recommendations in more detail.
“Taking any of these steps reduces your opportunity of becoming a victim,” Reich said. “Taking all of them reduces the risk significantly.”
How to Deal with Ransomed Files
It’s difficult not to panic when confronted with a menacing cyber ransom note on your computer screen. However, some ransomware variants have free solutions posted online.
The first place victims should look is nomoreransom.org, a site backed by security firms and cybersecurity organizations in 22 countries. Since its launch in July 2016, nomoreransom.org estimates that it has been able to save 6,000 victims of ransomware more than $2 million to date. Its Crypto Sheriff page will inform you of options to unlock files for free.
Another helpful destination for ransomware victims is BleepingComputer.com, which has a Ransomware Help and Tech Support section that may save you time and money. Their resource page for the WannaCry malware can be found here.
Running out of Time
If you run out of time before the ransomware separates you from your data for good, your options are to restore your backup or pay the ransom.
Most law enforcement agencies will advise you to pay the ransom and report the crime. If you do not have your data backed up, paying the ransom – typically from $300 in WannaCry to $600 or more – is less painful than losing all your files.
“You’re going to get hit eventually,” said Jacob Stauffer, co-founder of Coherent Cyber, a local cybersecurity company that focuses on cyber threat hunting, incident response, and forensics. “If you did not follow best practices before an attack, then we can offer cyber response services to help a business pay the ransom and restore access to company files.”
Reporting the ransomware incident gives law enforcement a greater understanding of the threat and provides justification for ransomware investigations, as well as relevant information for ongoing ransomware cases. Knowing more about victims and their experiences with ransomware helps the FBI determine who is behind the attacks and how they are identifying or targeting victims.
Remember: A good offense is solid cyber defense.
“Simply put, WannaCry separates those companies who have their security act together from those that do not,” said John Dickson, security expert and principal at the Denim Group, a company that develops secure, resilient software and provides security advisory and testing services. “System updating – i.e. ‘patching’ – is one of the most mundane aspects of IT management.
“However, when these worldwide malware pandemics occur, patching suddenly becomes critical to an organization’s capability to withstand a sophisticated threat.”