Posted October 27, 2017
How do you make two ugly concepts worse? Combine them. Ransomware, malware that is installed on devices to extort a ransom from the victim, is becoming ever more popular. It usually takes one of two forms. The first, such as WannaCry, encrypts your data, making it unreadable and thus useless. The second, such as Petya, locks the user out of their system by encrypting key files rather than the whole computer. These key files are necessary to allow the computer to boot, so targeting them makes the computer effectively unusable for the victim.
Both approaches require a secret key to transform the data back into a readable format, which is only distributed to the victim in exchange for money. Payments demanded by the attackers range from three hundred euros up to several thousand per device, and normally must be paid in Bitcoin, a digital currency that can be used anonymously. However, there is never a guarantee that the cybercriminals will restore the data after the payment is made, which is why paying the ransom is never advisable.
How Does It Spread?
In most cases, ransomware finds its way onto a device through user interaction, meaning that someone has to click a link or download a file for the ransomware to do its shady work. This is why social engineering, the art of manipulating people to gain sensitive information, is such a big threat to organizations and why it is important to train employees to effectively deal with phishing emails (see our blog post “The Human Factor” for more). However, WannaCry, the most notorious ransomware to date, spread through other means. Security researchers believe that the worm spread by exploiting a Windows programme designed to share files over a Windows server. Yet this vulnerability was discovered and fixed by Microsoft in March 2017, two months prior to WannaCry.
So how did WannaCry manage to infect 200,000 businesses in 150 countries, causing estimated damages of $1 billion? The problem is that many affected organizations did not install the Windows patch or used old software that was no longer supported by Microsoft. Moreover, many businesses still exclusively rely on commercial anti-virus systems to protect them from cyber risks or depend on help from official channels, which leaves many organizations vulnerable and unaware of these threats. The prime victims of these attacks are usually SMEs, as they often have fewer defences against attacks and because ransomware is relatively easy to send to many victims, encouraging criminals to cast a wide net for vulnerable targets.
What Can You Do To Protect Yourself?
Although decryption tools are available for most known strains of ransomware, new evolutions of malware mean waiting for an ‘antidote’ can paralyse business operations, creating huge financial losses in the meantime. However, even if your business doesn’t have a big budget to spend on cybersecurity or you’ve been focusing on other priorities, there are simple steps available to any business that can protect you against all known ransomware. The three most effective solutions that Cyberlight Security recommends are to 1) back up sensitive files regularly and securely, 2) create strict update policies and 3) provide comprehensive social engineering training to all employees:
1) Regular backups take away leverage from the hackers. If there is a copy of the encrypted data, there is no need to pay the ransom. The system can just be formatted and business can continue uninterrupted. However, there are several things to consider in order to back up files correctly, such as using the power of encryption to store your data securely. We at Cyberlight Security have implemented a backup policy of at least three backups of our data which are disconnected from the internet and are properly secured with effective encryption. This is something we also regularly teach our clients in our workshops.
2) Big software vendors like Microsoft have teams that scan their source code constantly for vulnerabilities and will patch these right away. By activating automatic updates on business devices, you can make sure that you don’t miss them. In addition, all employees need to update their own devices constantly so that they do not fall victim to vulnerabilities that can compromise your systems.
3) Since most ransomware spreads through phishing campaigns, people remain the most vulnerable factor in an effective defence against cybercriminals. During our training, we often find that people are not aware of how common social engineering really is. This is something we try to change through our workshops in order to help small and medium businesses secure themselves against ransomware and other threats.
We hope that this clears up some of the confusion regarding ransomware and that these tips will empower you to protect your business against the WannaCrys or Petyas of the future.
Co-founder, social engineering specialist and amateur philosopher.
