Does the Cyberworld Make You WannaCry?
It seems that everywhere you look there are reports of individuals, businesses, and governments being hit by ransomware.
What is it?
Ransomware is a form of malicious software (malware) that denies access to your systems by locking your computer or mobile device or by encrypting your electronic files. Sometimes it will render your computer completely useless except for a demand for payment.
However, in most cases it will still allow your computer to access a web browser and the internet in order to facilitate payment. In some cases the attacker will even have a staffed helpdesk you can contact for assistance in paying the ransom (usually in bitcoin).
What does it do?
Not all ransomware has the same goals and objectives. Yes, by definition they request money on the premise that you will be able to unlock your system once it is paid. However, that is not always the goal.
Some are activated to cover the bad actor’s tracks after a data breach or other attack on your system. Others, like the NotPetya version, were created to destroy data and were never intended to be decrypted. Still others are like the chain letters of old and promise to restore your system if you pass it along to a few of your friends.
This is NOT what your kindergarten teacher was talking about when teaching you to share!
How can I avoid it?
But if I don’t click on bad links in emails, I am ok…right? Wrong.
While that is certainly one way to transmit ransomware, it can also be downloaded in infected files attached to emails or thumb drives.
There are also “drive-by” downloads. Legitimate advertisements on legitimate websites are infected with a malicious code that automatically downloads the ransomware to your computer when the ad begins playing. Less-than-legitimate sites have an even higher chance of having infected ads.
It can be installed by taking advantage of a vulnerability on the system that has not been patched or updated, or it could be installed by someone who has already breached your system as a way to cover up the breach.
Is there anything I can do?
If the bottom line is that you could be careful online and still get infected with ransomware, is there anything you can do for protection? As with all matters security related – yes: you can take steps to help reduce, accept, and transfer your risk.
Reduce: Use training platforms to teach good online hygiene to everyone who accesses your network and internet connection. Make sure all your systems (computers, routers, phones, mobile devices, printers, servers, firewalls, etc.) are updated and patched. Use good and up-to-date antivirus and antimalware programs. Conduct vulnerability scans to identify any weak points in your network. Finally, use web browsers equipped with ad blockers and disable the automatic download features in those browsers.
Accept: Even with all your best efforts, you still may get infected. As we saw with the attacks on the NC State Bar and in Orange County, having up-to-date and accessible backups is key for a speedy recovery. In both of those examples, the systems were returned to a functioning state in less than a week from the attack, as compared to many weeks or even a month or longer. Just be sure to keep your backups on a separate system that is disconnected to your network – some new strains of ransomware seek out backup locations to try to encrypt those as well.
Transfer: While not a substitute for other protective strategies, purchasing insurance coverage to assist you with your system recovery or even with the payment of a ransom (which is strongly discouraged by law enforcement agencies) can be a helpful piece of your protection puzzle.
To learn more about ransomware, visit The No More Ransom Project. For additional information on common infection scenarios and ways to reduce your risk and speed up your recovery, see the FBI’s October 2nd alert “High-Impact Ransomware Attacks Threaten US Businesses and Organizations”.
About the Author
Patrick is the Vice President of Enterprise and Operational Risk Management at Lawyers Mutual as well as filling the roles of Corporate Secretary and Director of Information Security. He is an NCSB board certified specialist in Privacy & Information Security Law and has been designated a Fellow of Information Privacy and a Privacy Law Specialist by the IAPP. He is always happy to talk about his collection of tinfoil hats or to discuss risk management advice and resources that you may find helpful - you may reach him at 800.662.8843 or firstname.lastname@example.org.Read More by Patrick >