Recent WannaCry ransomware attack likely first of more to come

September 2017  |  EXPERT BRIEFING  |  RISK MANAGEMENT

financierworldwide.com

 

In what is being called the ‘worst ever’ ransomware attack, experts believe tools used to undertake a global malware campaign were part of a trove lifted from the National Security Agency (NSA) by as-yet-unknown parties.

Apparently exploiting a vulnerability in the Microsoft operating system, hackers used sophisticated nation-state tools allegedly created by the NSA. In August 2016, it became public news that a hacking group named ‘Shadow Brokers’ was selling the tools. The group, apparently frustrated by poor sales of the tools, dumped a portion of them on the web in April 2017, free for the taking.

By May, WannaCry, also known as WannaCryptor, was circulated in an attack that caused grief, data loss and confusion in 150 countries. Not just aimed at private consumers, or even enterprise, the malware shut down transportation networks, hospitals and other vital agencies around the world.

Cyber security experts at Kaspersky Lab indicated that no action by computer users was needed for the malware to deploy; once on a machine, it locks up screens and demands a $300 bitcoin ransom. Using a worm component, the malware deploys by exploiting an existing Microsoft vulnerability. Kaspersky has noted in media reports that Russia is believed to be the country hardest hit by the ransomware.

The National Cybersecurity and Communications Integration Center (NCCIC) released advice on the ransomware and the actions that could be taken to work around the hack. Primary advice from all fronts was to ensure your operating systems are fully updated. Microsoft deployed a patch to protect against this particular NSA tool in March 2017.

Ransomware is not going away anytime soon

According to the recently released 10th annual Breach Report from Verizon, ‘ransom notes’ are now “the most profitable form of writing”. In 2014, ransomware was 22nd on the list of tools used to defraud and attack internet interests. Now, ransomware is 5th on the list and rising.

Verizon attributes the growing popularity of ransomware to continuing technical innovation and a trend toward institutional targets. Healthcare and financial services are prime malware targets, as are institutions where infection of one computer is likely to provide a gateway to a large network or multiple networks.

Responding to the threat of ransomware involves detection of malware prior to infection, managing the outcomes of ransomware ‘criminal campaigns’ and recovering data on compromised systems.

One initiative in the fight against global ransomware deployment is a collaborative effort between vendors, security experts, law enforcement and other groups. The effort is titled ‘NoMoreRansom!’ and its website hosts advice and encryption tools for anyone impacted by ransomware.

Cyber hygiene – remember to think before you click

Although WannaCry depended on a software vulnerability rather than social engineering, the results were the same. Consider these tips to keep yourself safe from ransomware that is likely to threaten your business or personal data in the future. First, stay up to date. Keep your computers and devices fully updated. Second, back it up. Backing up your documents and computer contents is advice that does not go out of style. NoMoreRansom! advises two back-up systems, one in the Cloud and one physical back-up on a different computer, external storage or portable hard drive. As well as being useful if you accidentally delete a file, these systems can restore your computer without paying a ransom if you are hit with malware. Finally, think before you click: think twice about email links, links in ads, and seemingly innocent links from a familiar email address that may contain malware.

If you are hit with ransomware, US CERT and other computer security experts advise that you do not pay the ransom. Paying money could increase your odds of being attacked again, and it does not mean your data will be returned uncorrupted, if at all. The malware will probably remain on your computer, creating future opportunity for attack.

WannaCry was most likely the kick-off for a series of malware attacks executed by amateurs with tools developed with serious, nation-state skill by the NSA.

 

Cheryl L Tyler is the president and CEO at CLT3 Consulting, LLC. She can be contacted on +1 (240) 481 7756 or by email: cheryl.tyler@clt3consulting.com.

© Financier Worldwide

