Held Hostage
Ransomware: How to stop it once and for all
- By David Wagner
- Nov 01, 2017
Ransomware attacks are becoming infamous.
As I write now, the Petya attack is
unfolding. And in May, the world was hit
with WannaCry, an attack that affected
computers in more than 150 countries.
The wormlike virus moved into unprotected
Windows servers that didn’t contain a critical patch, encrypting
files and demanding a ransom of $300 in bitcoin from users. Within
its relatively short life span, WannaCry infiltrated more than
100,000 computers, including those in U.K. hospital systems,
telecom businesses in Spain and corporations in Asia.
The scariest part of the attack isn’t how many computers it
compromised or how many countries it was found in, but rather
the fact that older operating systems—many of which are still in
wide circulation and use—gave little protection against it.
The virus itself wasn’t handcrafted by a single individual, nor
was it the brainchild of a group of hackers. It was actually stolen
from the National Security Agency. Shortly after reports came in
about the theft, Microsoft released a security update to patch the
same vulnerability that the WannaCry ransomware—and likely
Petya as well—took advantage of.
Ransomware attacks are not new, and they’re not going to
stop anytime soon. Now that hackers can monetize their actions
and make hundreds of thousands of dollars in a few days, they’ll
continue to look for weak spots in software and corporate security
policies to exploit.
Like any other disease, curing this type of virus begins with
awareness. It’s not enough to just include the one patch that stops
the Petya and WannaCry viruses. It’s not enough to do the bare
minimum. Businesses have to change their mindsets and become
aware of their own vulnerabilities. They need to take ownership
of them and work to strengthen the places that hackers could
potentially exploit.
Owning the Problem
The only real action any business can take to prevent these attacks
is to put in place a strategic information security risk management
framework to address evolving threats. That means creating
policies for backups or finding a new, agile way to control
and protect your business information. It requires policies that
are made for a specific business, its employees, and its unique
environment—taking everything into consideration.
As long as vulnerabilities and opportunities for hacking exist,
the ransomware business model will continue to affect thousands
of businesses all over the globe. According to the FBI, ransomware
attacks quadrupled between 2015 and 2016. And there’s no
indication that this will slow anytime soon—unless businesses decide
to drastically shrink the market by implementing policies to
protect themselves.
There are three ways businesses can effectively close the market
for ransomware attacks. Some of them are time-consuming,
and others are expensive, but the benefits significantly outweigh
the risk of having business information stolen by hackers.
Implement an upgrade policy. This is the obvious starting point
for many companies. It’s relatively easy to implement but could
end up being the one thing that saves a business from bankruptcy.
When ransomware attackers encrypt files and send their ransom
notes, they promise the safe return of data upon a specified payment.
But they don’t always follow through.
What happens if a business pays the ransom but doesn’t receive
its data back? The consequences could be catastrophic. Implementing
an upgrade policy protects a business’s future while
simultaneously preventing attacks like Petya and WannaCry by
patching software vulnerabilities.
Only use supported software. Today, there is no shortage of
free software. There’s a reason the phrase “there’s an app for that”
exists. Businesses will often go find these free or inexpensive products
and justify them by citing the cost benefits. However, when
that software is then the cause of a malicious attack, the cost
benefits don’t outweigh the risks.
Identify your greatest risk. Email remains the top attack vector,
and ensuring its security should be a top priority. Secure email
gateways are a great way to prevent malicious software from entering
your network. Those gateways shouldn’t rely only on signatures
to protect email. Not all malicious attacks can be caught
by these signatures. Instead, secure email gateways should look
at the content in the email, including URLs and attachments, in
addition to signature-based screening.
Ransomware attacks on businesses have far-reaching implications.
The only way to stop these attacks is for businesses, nonprofits,
and other organizations to work diligently to create policies
that make it substantially more difficult for hackers to find
vulnerabilities they can exploit.
This article originally appeared in the November 2017 issue of Security Today.