By: Jason Murphy, Sr. Sales Engineer and Solutions Architect, CareWorx
In early May 2017 a Ransomware by the name of ‘WannaCry’ ravaged the internet – attacking all types of businesses across Europe and the United States. You may remember hearing on the news how the NHS (The National Health Service of the UK) was infected by the WannaCry attack and it was only when Marcus Hutchins invented a “kill switch” that the Ransomware was deactivated.
Some notable figures from the fallout of WannaCry at the NHS were:
- Over 6,912 appointments were cancelled (it’s estimated to be more like 19,494)
- This affected 81 of the 236 locations (or Trusts) across England
- 27 of those locations were acute care facilities
- More than 1,200 pieces of diagnostic equipment were infected by the Ransomware (although even more devices were kept offline due to server reboots, and others were put out of use after being disconnected from IT systems to prevent the infection from spreading)
You may be asking yourself, what is Ransomware? Okay, maybe not. I am pretty sure you’ve all heard of it by now based on media reports, but I think it’s good to know what we are dealing with.
There are three types of Ransomware:
- Locker Ransomware
- Encrypting Ransomware; and
- Master Boot Record Ransomware (which is really a form of a Locker)
These nasties are some of the worst and most persistent viruses out there. Some common or popular types of Ransomware over the past 5 years are Petya, WannaCry, Bad Rabbit, TeslaCrypt, SamSam and SimpleLocker. Over the years, Ransomware has grown from an annoyance to a major crisis, developing from simply infecting a single computer to infecting entire enterprise networks. The Ransomware virus SamSam, for example, infiltrates by exploiting vulnerabilities or guessing weak passwords in a target’s public-facing systems, and then uses mechanisms like the popular Mimikatz password discovery tool to start to gain control of a network. As recently as March 2018, the City Government of Atlanta was basically in shutdown mode due to a massive Ransomware infection.
Global security giant Sophos breaks down how Ransomware works:
- One of the most common attack vectors is phishing spam or email attachments masquerading as a legitimate email or file the recipient should trust.
- Once downloaded, or opened, the ransomware takes over either through tricking the end-user into giving the malware administrative access or, in the case of viruses like NotPetya, by exploiting security holes without the need to trick users.
- Once the ransomware takes hold, it reaches back out to the internet to a Command and Control (C2) source, which generates the encryption key that is then used to encrypt the data or drives.
- Finally, an extortion notice is presented with a countdown timer to pay in bitcoin or another cryptocurrency.
Now that we have a good understanding of what Ransomware does, how it works and how sophisticated it can be, the next logical question becomes: how do we protect ourselves? There are several strategies that I recommend you look at that have become the “gold standard” in what is called the layered (defensive) security approach, but here are several of my top 10.
- Web protection
- Patch management
- Email security and archiving
- Vulnerability assessment and analytics
- Antivirus software
- Data encryption
- Next Generation Firewalls
- Digital certificates
- Anti-spam and spam filters
- Privacy controls
Now this may seem like a really good list you can implement, which it is – but my suggestion is you find a partner or vendor that can lower your costs and has deep expertise in these products or services.
Whether you are Equifax, the City Government of Atlanta or a small business or consumer, we have the same wants and needs: to protect our collective businesses and ourselves from Ransomware and other threats. As criminals turn away from Ransomware to cryptojacking as the next big threat, the challenges get greater and more advanced.
About the Author:
Jason has been in the managed services space for almost 10 years and has been working in IT for the public and private sector for over 18 years. Today at CareWorx, Jason has become the trusted advisor to local area businesses when it comes to advising them on their security strategy and implementation. He works closely with CIOs/CISOs and VPs of Information Technology to understand their needs. Jason prides himself on remaining on top of technology trends and the latest innovations to ensure CareWorx’ clients have the right solutions in place in order to take a proactive approach when it comes to security concerns. For further security concerns you may contact him at firstname.lastname@example.org