Ransomware has been so profitable with so little effort that it’s become the main form of malware attack perpetrated on businesses. Scammers have even taken to open sourcing (sharing code) to make it easier to develop successful attacks.
Ransomware isn’t going away any time soon.
Massive Attack Brings Tears of Frustration
You probably heard about the massive attack by WanaCrypt0r, a version of the WannaCry ransomware, that affected several large industries, hospitals, and governments earlier this month.
This attack took advantage of a Microsoft file sharing protocol issue that allowed the ransomware to spread to other computers without user assistance.
The attack slowed due to an attentive security tech finding a kill switch in the original version of the ransomware. However, an updated version of the ransomware without the kill switch has already hit the web.
Unfortunately, Microsoft had released an update for this problem two months before this ransomware hit. If these systems were running on properly updated software, this ransomware attack would not have spread so quickly.
Ransomware vs. Virus Software
In another recently discovered attack, ransomware scammers began hiding their malware in embedded files. Virus scanning software could not detect the code hidden inside the embedded document.
The process worked like this:
You receive an email with a PDF attachment.
When you open the PDF, the PDF has an embedded attachment that Acrobat tries to open.
The embedded document opens in Microsoft Word, which asks you to enable editing.
When you agree to enable editing, it enables a VBA macro embedded in the Word document to run.
The macro downloads and runs the ransomware code.
Obviously, this attack was designed to circumvent current defense systems.
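A mail gateway or help desk can look for this chain before anyone opens the attachment. The Python below is an added example, not part of the original article: it flags a PDF that carries an embedded file together with an open action, and checks whether the embedded file is a Word document with a VBA project. It assumes the embedded document is in the zip-based Word format (.docx/.docm); the function names and the sample file are made up for the illustration.

```python
import io, re, zipfile, zlib

# PDF name tokens for "a file is embedded" and "something runs on open".
TOKENS = (b"/EmbeddedFile", b"/OpenAction", b"/AA", b"/JavaScript", b"/JS", b"/Launch")

def decode_names(data):
    """Undo #xx escapes so /Embedded#46ile still reads as /EmbeddedFile."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def has_vba(blob):
    """True if blob is a zip-based Office file that carries a VBA project."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False

def streams(data):
    """Yield each PDF stream body, inflated when it is Flate-compressed."""
    for m in re.finditer(rb"stream\r?\n(.*?)endstream", data, re.S):
        try:
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            yield m.group(1)

def triage(data):
    """Report risky tokens, embedded macro documents, and a quarantine verdict."""
    names = decode_names(data)
    found = [t.decode() for t in TOKENS
             if re.search(re.escape(t) + rb"(?![A-Za-z])", names)]
    macro = any(has_vba(s) for s in streams(data))
    auto_open = "/EmbeddedFile" in found and len(found) > 1
    return {"tokens": found, "macro_doc": macro, "quarantine": macro or auto_open}

def sample_pdf(with_macro):
    """Constructed sample: PDF-like bytes wrapping a zip that mimics a Word file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"placeholder, not a real macro")
    return (b"%PDF-1.6\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
            b"2 0 obj\n<< /Type /Embedded#46ile /Filter /FlateDecode >>\nstream\n"
            + zlib.compress(buf.getvalue()) + b"\nendstream\nendobj\n%%EOF\n")
```

Running triage(sample_pdf(True)) reports the embedded macro document even though the file type name is written with a hex escape, which is one way such files slip past simple keyword matching.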
Understand How Your Defenses Work
Many users assume their virus scanning software will protect them.
In most instances, this is true.
However, virus scanning software is reactive. Think of it in medical terms, like a real virus. Before there are vaccines and treatments, a lot of people have to be infected and suffer.
In most cases, you have to invite the malware in for it to infect you.
The best way not to become infected is to take proper precautions.
Firewalls, however, block hackers from reaching your network.
If they can’t get in, they can’t do damage.
Email filtering software sorts your emails for you.
This is nice so that the potentially dangerous ones never reach your inbox.
You also get to avoid a lot of annoying marketing emails this way.
Email filtering software lets you view the list of blocked emails in case a legitimate email gets blocked. This is a small annoyance for avoiding the danger of accidentally clicking on something you didn’t mean to.
Ad blocking software prevents sites from displaying ads. This is a key piece of security that many overlook. Typically, it comes packaged with your virus scanning software. If it doesn't, then you should look into purchasing it.
Scammers sometimes purchase ad space on legitimate websites and use that to install malware on your system. Often this doesn’t require any action from the site visitor – the website ad automatically runs the command. Sometimes this is a targeted attack, known as a 'watering hole attack', in which hackers determine which websites a specific industry frequents and use those to maximize effects.
It’s not uncommon for ad blocking software to find problems on news sites, popular blogs, or organization pages.
Preventing a Ransomware Attack
Cyber criminals do not discriminate between large and small businesses when they engineer attacks.
For many industries, medium to small businesses are more suitable targets as they are less likely to have adequate backups to restore files if an attack is successful.
Here are a few things you can do to keep yourself from facing a ransom:
Install updates. This includes Windows system updates, software updates, and server updates. The WannaCry ransomware utilized a server exploit that was patched two months prior, allowing it to self-propagate across networks easily. Installing updates can make a huge difference in what happens if someone clicks on the wrong thing.
Maintain proper security. Your security is a team sport. Make sure you have all of the pieces: virus scanning software, firewall, email filtering software, and ad blocking software. Train everyone in the office on email security so that there is no doubt regarding how to proceed when an email is received.
Have a strong password protocol. There is an easily accessible list of login credentials from older hacks on the open web. If you reuse your password throughout various sites or don’t change it regularly, you should do so now. Your password should be strong. If it’s easier, use a service such as LastPass to store passwords and create gibberish.
Don’t open unsolicited attachments. Many of the phishing scams rely on someone opening an attachment that has embedded malware. The safest protocol is to simply not open anything you aren't expecting to receive. To safely send and receive files, consider using a service like ShareFile that scans attachments and eliminates the mass spammers (who won’t go through the effort of uploading the document to send to you).
Consider being antisocial. Social media sites can be a haven for malware. Facebook is especially prone, and is making it easier for scammers to attack you all the time. Anywhere you have videos that automatically play is a bad place to be, especially when you don't know the source of the video.
Verify anything you’re unsure about. It’s much less embarrassing to call a colleague to confirm that they did in fact send you an email than to click on a link and encrypt your network. When confirming emails, always use a number obtained independently of the email with the questionable attachment.
Pay attention to URLs. Spammers are notorious for typing out one web address and redirecting it to another location when you click on it. If you hover your mouse over the link, the actual location it takes you to appears above the mouse.
Pay attention to sender emails, too. The from email address is another good place to look for things that aren’t quite right. In a recent Google Docs phishing scam that preyed upon the education field, many of the from emails purported to be from ‘firstname.lastname@example.org’ while actually being from ‘email@example.com’. Both addresses appeared in the ‘from’ field if you looked closely.
Hackers can correspond with you from a hacked email. If someone's email is actually hacked, the scammer can send an email directly from their account. The email will look legitimate because it is actually coming from that account. The red flag in this situation is that they will be changing instructions, typically redirecting a payment that had already been agreed upon. This is another situation where you contact the sender by calling them at the number provided via another source. Here is a good video, recommended by the NC State Bar, on this subject: ninjio.com/ep202.
If All Else Fails, Have A Backup
Regardless of how careful you are, someone in your office may click on one of those links or attachments.
To avoid paying a ransom, your only option is to have a backup so you can restore everything.
Your backup system needs to not be connected to your computer system, though. Otherwise the scammers will simply encrypt the backup along with your computers and you will be back to square one.
The best option is to have your backup stored in a remote location so that if any disaster struck your office, you would still have the backup available.
Ask for Help if You Need It
Maintaining good cybersecurity can be an overwhelming task if you aren't technologically inclined.
Using a consultant to manage your IT is always a good option. A consultant may even help you find efficiencies in software you already own.
You can also contact Lawyers Mutual if you have a question. We're always happy to help.
About the Author
Samantha Cruff is the Marketing Communications Coordinator at Lawyers Mutual. Contact Samantha for information regarding our available risk management publications at 800.662.8843 or firstname.lastname@example.org.