Crossroads Blog | Institute National Security and Counterterrorism

Cyber Attacks, Cybercrime, ransomware

Ransomware: Beware the Users, and Other Things As well…

Ransomware, Hacks, and Cybersecurity Issues: As long as there are users, there will be issues

Various media outlets have reported a dramatic rise in ransomware attacks, and the NY Times reported that the most recent attack impacted over 200,000 machines running the Windows operating system (OS) across 150 countries.  The NYTimes article notes that hospitals, academic institutions, and technology companies were hit during this cyberattack, and goes on to suggest that exercising caution while online might have kept the malware from infiltrating and infecting the networks in the first place.  The malware has been identified as the "WannaCry" variant, and, according to the article, Microsoft had made a security update available nearly two months earlier (MS17-010, the March 2017 update that closed the SMBv1 flaw the worm exploits).  Thus we see a double whammy: 1) administrators did not roll out the update in a timely fashion; and 2) users clicked on or opened e-mails which facilitated the spread.  (This second point is contentious: several security vendors dispute that the payload was delivered by a typical phishing scheme at all, and attribute the spread to the worm component scanning for and exploiting unpatched SMB services directly over the network, with no user action required.)


What Now?

Ultimately these things typically come down to the user.  IT professionals can implement policies and procedures to ensure that patches and security updates are applied regularly, but it is the user who can make or break nearly any policy or procedure.  Until heuristic and machine-learning defenses can reliably catch what users let through, we will continue to see successful (and yet rudimentary) attacks.  Better tooling may help going forward, but it does not help in the here and now; the following may.  There are procedures companies and individuals can implement to limit the damage ransomware can inflict and, hopefully, avoid paying a ransom to get their data back in usable, unencrypted form.

One would think that the concept of security updates and remaining current with patches would be a no-brainer; clearly that is not the case.  Therefore, step zero, if you will, is to stay on top of this and ensure that all of your computing devices are running the latest supported versions with the latest patches and security updates applied.  For a standard user, you should then practice good cyber hygiene: do not open e-mails or attachments from unknown senders, and do not click links in e-mails unless they come from a trusted source and show none of the tell-tale signs (e.g., misspellings, poor grammar, a link whose actual destination is an unfamiliar domain).  It is equally important to maintain backups of your data in a traditional backup format, ideally pushed to a backup device that is not continuously writable from the machines being backed up, so that the backups themselves stay beyond the reach of ransomware; a network share that stays mapped on an infected PC is simply more data for the malware to encrypt.  However, as I found in my previous career, a backup is only as good as the restore, and all too often restores are not fully (if at all) tested, which creates a terrible scenario.  Ideally you would have a full-scale disaster recovery (DR) plan, but these are largely beyond the expertise of the typical user and even some businesses.  Without a DR plan that is both created and tested, companies will continue to find themselves victims of ransomware, and to limit their risk they will often decide to pay rather than test their restore capabilities for the very first time.

The Short Version:

Know thy sender: if you aren't certain it is from a trusted source, delete it rather than opening it.  The same goes for links: type the address of the domain yourself rather than clicking a link you aren't sure of.

Updates and Patches: turn on automatic updates, download and install the latest security updates, and check manually on a regular basis to ensure those "automatic" features are actually working.

Backup: if it is worth saving, it is worth backing up.  Don't forget that handheld devices now hold just as much worth saving; make sure those are backed up as well.

Restore: test your restores.  Make sure you can restore a file, a folder, and an entire device.  Sometimes a bare-metal restore onto an entirely new device is the only way to bring your data back online.
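The backup and restore advice above (in the Short Version and in the longer paragraph before it), as an added example that is not part of the original post: a POSIX shell script that archives a directory together with a SHA-256 manifest, strips write permission from the copy, and then proves the backup is usable by restoring it into a scratch directory and re-hashing every file. It assumes GNU or BusyBox coreutils (sha256sum, tar, find, mktemp); the sample data in the demo is constructed for illustration, not taken from the post.

```shell
#!/bin/sh
# Added example (not from the original post): back up a directory to a tar
# archive with a SHA-256 manifest, then prove the backup is usable by doing a
# full restore into a scratch directory and checking every file's hash.
# Assumes GNU/BusyBox coreutils (sha256sum, tar, mktemp, find).
set -eu

# make_backup SRC_DIR DEST_DIR
# Writes DEST_DIR/backup-<timestamp>.tar plus a .sha256 manifest and prints
# the archive path on stdout.
make_backup() {
    src=$1
    mkdir -p "$2"
    dest=$(cd "$2" && pwd)           # absolute, so the manifest path survives a cd
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    archive="$dest/backup-$stamp.tar"
    manifest="$archive.sha256"
    # Hash the live data first, with paths relative to $src (./file), so the
    # same manifest can be checked against a restore extracted anywhere.
    (cd "$src" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2) > "$manifest"
    tar -C "$src" -cf "$archive" .
    # Strip write permission: a later compromise of this account cannot then
    # quietly overwrite or encrypt the copy in place. Offline or immutable
    # storage is stronger still; this is the minimum.
    chmod a-w "$archive" "$manifest"
    printf '%s\n' "$archive"
}

# verify_restore ARCHIVE
# Returns 0 only if a complete restore reproduces every file in the manifest
# byte-for-byte; anything else (truncated archive, missing or altered file,
# stale manifest) returns 1. This is the "test your restores" step.
verify_restore() {
    archive=$1
    manifest="$archive.sha256"
    scratch=$(mktemp -d)
    status=1
    if tar -C "$scratch" -xf "$archive" \
       && (cd "$scratch" && sha256sum -c "$manifest" >/dev/null); then
        status=0
    fi
    rm -rf "$scratch"
    return "$status"
}

# Demo on constructed sample data; a real run would point at user directories.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/data/sub dir"
    printf 'quarterly figures\n' > "$work/data/report.txt"
    printf 'meeting notes\n' > "$work/data/sub dir/notes with spaces.txt"
    archive=$(make_backup "$work/data" "$work/backups")
    if verify_restore "$archive"; then
        echo "restore verified: $archive"
    else
        echo "RESTORE FAILED: $archive" >&2
    fi
    rm -rf "$work"
}

demo
```

Run verify_restore on a schedule against the real backups and treat a non-zero exit as an incident rather than a warning; a restore that has never been exercised is exactly what forces the pay-or-lose decision the post describes. Note that removing write permission only stops the same unprivileged account from silently overwriting the copy; ransomware running with administrative rights still reaches it, which is why keeping the backup device off the continuously reachable network matters.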
