At this very moment, someone is clicking a link in a spam email or activating macros in a malicious document. In a few seconds, all their data will be encrypted and they’ll have just a few days to pay hundreds of dollars to get it back. It’s ransomware!
Take this story from the New York Times:
MY mother received the ransom note on the Tuesday before Thanksgiving. It popped up on her computer screen soon after she’d discovered that all of her files had been locked. “Your files are encrypted,” it announced. “To get the key to decrypt files you have to pay 500 USD.” If my mother failed to pay within a week, the price would go up to $1,000. After that, her decryption key would be destroyed and any chance of accessing the 5,726 files on her PC — all of her data — would be lost forever.
So, what is Ransomware?
Ransomware is a complicated kind of malware that blocks users’ access to their own files, and the only way to get the files back is to pay a ransom. WannaCry exploited a vulnerability in Windows OS, first discovered by the NSA and then publicly revealed to the world by the Shadow Brokers. In the first few hours, 200,000 machines were infected. Big organizations such as Renault and the NHS were struck and crippled by the attack.
Ransomware has been a growing trend for the past two years, and this is just a culmination, a grand reveal to the wider world of just how big of a threat it is. But we’ve been writing about this for a while now.
Why do they target businesses?
Simply because that’s where the money is! Attackers know well that an infection can cause major business disruption, especially since it can affect servers too, which increases their chances of getting paid.
This chart by Statista sums up the key numbers relating to the WannaCry cyber attack.
How did it spread?
- Spam email campaigns that contain malicious links or attachments
- Security exploits in vulnerable software
- Internet traffic redirects to malicious websites
- Legitimate websites that have malicious code injected in their web pages
- Drive-by downloads
- Malvertising campaigns
- SMS messages (when targeting mobile devices)
- Self-propagation (spreading from one infected computer to another)
- Affiliate schemes in ransomware-as-a-service (basically, the developer behind the ransomware earns a cut of the profits each time a user pays the ransom)
Is it over yet?
Unfortunately, no! These attacks grow more sophisticated by the day, as cyber criminals learn from their mistakes and tweak their malicious code to be stronger, more intrusive and better at evading cyber security solutions.
The WannaCry attack is a perfect example of this since it used a widespread Windows vulnerability to infect a computer with basically no user interaction.
Promise yourself to do these things:
On your PC:
- Have a backup for important files
- Don’t leave the Dropbox/Google Drive/OneDrive/etc. application running on your computer by default. Sync your data and close the application once done
- Use an up-to-date operating system and software, including security updates
- Turn off macros in the Microsoft Office suite – Word, Excel, PowerPoint, etc.
- Remove plugins such as Adobe Flash, Adobe Reader, Java, and Silverlight from your browsers. Activate them only when needed
- Adjust the browser security and privacy settings for increased protection
- Definitely, use an ad-blocker to avoid malicious ads
- Don’t ever open spam emails or emails from unknown senders (and, of course, don’t download the files they contain)
- Use a reliable paid antivirus product with automatic updates
After reading this post, may you all be prepared for a malware attack at any time. Prevention is absolutely the best security strategy in this case.