Ransomware came into the mainstream when WannaCry’s global hack compromised hundreds of thousands of computers. Victims ranging from individuals to hospitals to major corporations found themselves locked out of their files and sensitive data. Their data had been encrypted and was unusable, creating mass chaos across the global marketplace. Hackers then demanded upwards of $300 in Bitcoin to unlock data, with reports indicating they never actually released the files.
How did hackers manage to cause cyber destruction around the globe? The problem was quickly identified as an issue with a Windows system vulnerability. A type of malware wormed its way through those system vulnerabilities, and while the media used the words ransomware and ransomworm interchangeably to describe the hack, they’re not exactly the same thing.
Unlike ransomware, which typically invades computers through email spam campaigns, a ransomworm spreads by hunting down vulnerabilities in networks and devices. Research from Malwarebytes Labs found that the ransomworm intrudes through public-facing SMB ports and uses exploits to get onto the network. In the WannaCry case, the worm used the allegedly NSA-leaked EternalBlue exploit to seize its victims’ files and take over their computers by encrypting data.
But does the difference between ransomware and ransomworms really matter? Users who think the difference is negligible because both are a form of ransom could be setting themselves up for an attack. If you’re only looking at email phishing and related scams for ransom hacks, you won’t be prepared for the next wave of ransomworms making its way around the world.
There are ways to stay proactive and protect your data before it’s too late. Here’s what to know about ransomworms and how to protect yourself from the next attack.
WannaCry is just one ransomworm in a long line of attacks. In fact, we’re seeing a resurgence of worms after their heyday, back when they were focused on infecting networks.
The term “computer worm” was coined by writer John Brunner in 1975 in his book, “The Shockwave Rider.” He described how “data-net tapeworms” gathered data as they spread through computers across a variety of networks. But it wasn’t until early 2016 that experts saw ransomworms infecting devices with unpatched servers and vulnerabilities.
Previous network worms like CodeRed and Conficker were once commonplace and spread like wildfire through file sharing or network vulnerabilities. Once these worms penetrated the networks, they were difficult to stop and infiltrated multiple devices. Today, hackers are combining the power of ransomware and the concept behind network worms to create ransomworms. Like network worms, ransomworms get into systems, but then take over the files and encrypt them. This is when hackers step in and demand a ransom to decrypt the files and release them to their rightful owner.
Unlike malware’s reliance on email phishing schemes, a ransomworm works its way into computer systems by exploiting vulnerabilities such as outdated operating systems and missing patches. Once the ransomworm has worked its way into a device, hackers can encrypt the data and lock out the user.
It’s no secret what hackers want. They post a malicious note to run on the screen for the person who tries to log on. The sinister message explains their computer has been hacked and how to pay the ransom. At this point, there is little the user can do to recover their encrypted files.
However, the lack of email phishing involved can leave even savvy computer and internet users vulnerable. Even amateur web users have some knowledge of ransomware and know not to open emails or click links from unknown users. Users may be watching for phishing schemes and deleting suspicious emails, but worms can intrude without the user doing anything. It’s actually the lack of action that can create vulnerabilities, as users fail to update old operating systems and ignore new patches.
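Because a worm spreads without any user action, the place it becomes visible is the network: a host hunting for SMB targets contacts many different peers on TCP 445 in a short time. The sketch below is an added example, not part of the original article, that flags this fan-out in constructed flow records; the record format, the 60-second window and the threshold of 5 peers are assumptions to tune for a real network.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = 445
WINDOW = timedelta(seconds=60)  # assumed sliding window
THRESHOLD = 5                   # assumed: distinct SMB peers within the window

# Constructed flow records (not real traffic): "timestamp src dst dst_port"
SAMPLE_FLOWS = """\
2024-01-01T08:00:01 10.0.0.5 10.0.0.20 445
2024-01-01T08:00:02 10.0.0.9 10.0.0.21 445
2024-01-01T08:00:03 10.0.0.9 10.0.0.22 445
2024-01-01T08:00:03 10.0.0.5 10.0.0.20 445
2024-01-01T08:00:04 10.0.0.9 10.0.0.23 445
2024-01-01T08:00:05 10.0.0.9 10.0.0.24 445
2024-01-01T08:00:06 10.0.0.9 10.0.0.25 445
2024-01-01T08:01:00 10.0.0.7 10.0.0.21 445
2024-01-01T08:06:00 10.0.0.7 10.0.0.22 445
2024-01-01T08:11:00 10.0.0.7 10.0.0.23 445
2024-01-01T08:16:00 10.0.0.7 10.0.0.24 445
2024-01-01T08:21:00 10.0.0.7 10.0.0.25 445
2024-01-01T08:21:01 10.0.0.8 10.0.0.30 443
"""

def parse_flow(line):
    # Split one record into (timestamp, source, destination, destination port).
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def smb_fanout_alerts(lines, window=WINDOW, threshold=THRESHOLD):
    """Map each source to the first time it reached `threshold` distinct SMB peers."""
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still inside the window
    alerts = {}
    flows = sorted(parse_flow(l) for l in lines if l.strip())
    for ts, src, dst, port in flows:
        if port != SMB_PORT or src in alerts:
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop connections that have aged out of the window
        if len({d for _, d in q}) >= threshold:
            alerts[src] = ts
    return alerts

if __name__ == "__main__":
    for src, ts in smb_fanout_alerts(SAMPLE_FLOWS.splitlines()).items():
        print(f"{ts.isoformat()} {src}: SMB fan-out to >= {THRESHOLD} hosts")
```

In the sample, 10.0.0.5 repeatedly reaches one file server and 10.0.0.7 touches five peers over twenty minutes, so neither is flagged; only the rapid sweep from 10.0.0.9 is.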
Staying in the know about the latest ransomworm exploits keeps users vigilant against the latest attacks. Hackers adapt rapidly, and what works today could be gone tomorrow and replaced with something far more sophisticated. It’s also wise to expect copycats to emerge after a major ransomworm attack like WannaCry. Shortly after the dust settled, Petya surfaced and started targeting the same vulnerabilities.
Knowing what’s going on with the latest trends in ransomware is just the first step. Keep an eye on the news and IT-focused websites that alert to the latest device vulnerabilities. Don’t wait to update your system networks and devices. By the time hackers find a way into your system with ransomware, it’s too late to make updates.
It’s sometimes possible to find a solution to combat the latest ransomworm, but time is of the essence. Otherwise, hackers wise up and tweak their worms to combat the solution.
During the WannaCry outbreak, French researchers came up with a way to decrypt files and restore data without paying the ransom. The solution, dubbed Wanakiwi, involves recovering WannaCry’s encryption keys from the prime numbers used to generate them, instead of trying to break the ransomware’s encryption key itself.
However, solutions can also be fickle. Wanakiwi didn’t work for everyone who tried it and seemed to rely on keeping the device turned on and refraining from shutting it down. Before you do anything to your computer after an attack, use a separate device to quickly research solutions that can get your data released. You could ultimately stumble across a way to keep your data intact and out of hackers’ hands.
Ransomware and malware are nightmares to deal with, but combating them doesn’t have to be a crisis. Prepare yourself for an attack with the only surefire way to protect yourself: safeguard your data and sensitive information against ransomware by regularly backing up your files. Choose a third-party cloud provider with the highest industry standard for storage and encryption to keep your data safe.
While it won’t stop ransomware from happening, being able to restore files from an off-site cloud storage provider can cut off hackers at the pass. Users can simply restore their files and reset their devices to factory settings or purchase new ones instead of paying the ransom.
Ransomworms rely on vulnerabilities in operating systems and apps, and on missing patches, to work their way into your device and your data. Keep hackers at bay by regularly updating your operating system and looking for any approved patches from a manufacturer like Apple or Microsoft.
It’s also crucial to keep your apps updated to the latest version to ensure the highest level of security. Users should never download apps from an unknown provider, and should decline an app’s request to access data, whether that’s passwords, photos or other files.
Ransomware shows no signs of slowing down and will continue getting more sophisticated and expensive. According to reporting from Business Insider, hackers in the cyber ransom game can extort up to $60,000 in one week alone. Meanwhile, cybercrime-related costs are expected to reach $2 trillion by 2019.
And as cyber crimes rise, so will our intelligence agencies’ push to develop tools to combat them. While that may sound like good news, it can actually signal bigger problems. In WannaCry’s case, it was discovered that the NSA actually developed the worm and it was later stolen or leaked to hackers. As word spreads about the advancement in worms and cyber tools, so will hackers’ determination to source them.
We can also expect trends in invisible ransomware to spike as internet users become savvier to phishing schemes that download ransomware onto their computers. Help Net Security predicts we’ll see ransomware that automatically spreads quickly and successfully across local networks, and possibly the internet. When and if that happens, users will be helpless to fight off ransomware while still using outdated systems and apps. At the end of the day, staying alert, creating a culture of security and protecting your data are the only ways to combat ransomware.
Some ransomware programs ask for as little as $30 to release encrypted files. Other companies have paid thousands, usually in hard-to-trace bitcoin, to regain control over their devices. And some reports suggest embarrassed companies have secretly paid millions to hackers in hopes of keeping control over the situation and getting their data back as quickly as possible.
But regardless of whether or not companies are willing to pay, it doesn’t always make for a happy ending. According to research from Kaspersky, 20% of ransomware victims who paid up never got their files back. And not paying may be the only thing that ultimately deters hackers.
Ransomware relies on victims paying up in order to keep the cycle going. Hackers will eventually move on to other cybercrimes if ransoms are no longer being paid. And there’s another reason to break the ransom cycle: hackers could identify you as a victim who is willing to pay and continue looking for vulnerabilities to take over your data and collect ransom again.
Founder & Chief Marketing Officer, Indusface
Venky has played multiple roles within Indusface for the past 6 years. He was instrumental in building the product/service and technology team from scratch and grew it from ideation to getting initial customers with a proven/validated business model poised for scale. He has proven experience (10+ years) in the security industry and has held various management/leadership roles in Product Development, Professional Services, and Sales during his time at Entrust Datacard.