Safeguarding Yourself and Your Organization Against Ransomware Attacks

Ransomware strikes are on the rise. Organizations and their employees need to be aware of how to protect themselves against these increasingly common forms of attack.

News of ransomware attacks has been increasing dramatically in recent years. Organizations both large and small have fallen victim to them. Computer networks are infiltrated with malicious software that renders software and data unreadable, followed by a ransom demand promising to restore them.

Even government agencies aren't immune to the onslaught. In 2018, five separate government departments in the city of Atlanta were left without the use of their computers and network for an entire week. As recently as August, twenty-three government organizations in Texas were also hit by a coordinated ransomware attack. Not wanting to encourage future attempts, neither has indicated whether or not they paid the ransom, but clearly both incurred exceptional costs, if only in terms of disruption.

On September 20th, Campbell County Health of Wyoming fell victim to a ransomware attack that resulted in the cancellation of surgeries and various other outpatient procedures. Everything from the cancer center's radiation treatments to respiratory therapy and even blood draws was placed on hold. The potential effects of computer-based attacks that can immobilize entire organizations are utterly devastating.

It's clearly become incumbent on organizations and their employees to protect themselves against these increasingly common forms of attack. Standard network security measures such as firewalls and anti-virus have proven largely ineffective in halting the spread of infectious malware. What's required is a better understanding, on the part of administrators and users alike, of how ransomware is propagated and how to safeguard against it.


Going "Phishing"


While there are several techniques employed by ransomware attackers, each one centers on embedding malicious software on computers and networks in target organizations. These programs begin by propagating themselves to all computers connected to the network, silently duplicating and installing themselves machine by machine, without the knowledge of the users. The trap is now set. The software patiently waits until it's eventually triggered by a remote instruction, or by a preset time or event.

Once activated, the software sets about encrypting software and data on all affected computers, servers and connected data stores. In most cases nothing is lost, but the information is left entirely inaccessible to users. The attack is complete when an email is dispatched demanding a cash payment (typically in untraceable bitcoin) to decrypt the files.

The impact of such attacks extends far beyond the initial cost of restoring the inaccessible information. Even if an organization concedes to the demand for payment, and even if the attacker delivers on their promise of restoring the data, the damage is done. The embedded software remains installed throughout the organization's computer infrastructure, waiting for the moment the attacker decides to take another bite. The only certain remedy is a thorough purge of every computer and server attached to the network. Absent recent backups, organizations are forced to incur substantial costs in reconfiguring networks and reinstalling software.

Perhaps the most troubling consideration, beyond the time spent and costs incurred by such attacks, is the ongoing threat of future incidents. Despite the best efforts of network security experts, the unfortunate reality is that the greatest vulnerability facing any infrastructure is the people who work there. The popular media takes great joy in portraying "hackers" as unstoppable geniuses who can penetrate any security system in a matter of seconds. As is the case with most film villains, these bear very little resemblance to reality.

The fact of the matter is that most security breaches are the result of what hackers like to call "social engineering": the practice of making employees unwittingly complicit in their attacks. This can be as simple as someone calling an office worker and convincing them that they're calling from a software manufacturer or support team. The employee eagerly provides the caller with login credentials, computer access or anything else that is asked of them. Countless private individuals have reported calls from companies claiming to provide support for Microsoft Windows and requesting access to their PCs.

In office environments, one of the most popular forms of attack is one called "phishing". It's popular because it's effective. Infected attachments are sent via email with messages carefully designed to entice users to open them. Emails have been seen mimicking those one might expect to see from financial institutions and online vendors. Popular banks and websites like Amazon and Federal Express are commonly used to disguise the actual intention of the email. Some malicious actors even pose as government agencies in order to lure unsuspecting users into opening infected attachments.

Email users are strongly advised to proceed with extreme caution when opening attached documents. Even innocuous-looking ones like Microsoft Word and Excel documents can be used to conceal malware. Security experts commonly advise users not to open attachments from unknown sources; this is sound advice, but by no means a guarantee. The originating email address can easily be "spoofed" to make a message appear to come from a trusted source. The best advice is to verify a file with the sending party, through a channel other than the email itself, before even considering opening it.
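The two warning signs above, a displayed sender address that does not match where the mail actually came from and a document type that can carry embedded code, can be checked mechanically before anyone opens an attachment. The script below is an added example written for this edition, not AVAware software: it parses one inbound message with Python's standard `email` library, compares the `From` domain with the envelope sender (`Return-Path`) and any `Reply-To`, and flags attachments whose extension indicates macro-enabled or executable content or which hide a second extension ("invoice.pdf.exe"). The two sample messages and the list of risky extensions are constructed for illustration and are not drawn from a real incident.

```python
import email
from email import policy
from email.utils import parseaddr
from pathlib import PurePosixPath

# Attachment types that deserve verification with the sender before opening.
# Assumption: an illustrative list for this example, not an exhaustive policy.
RISKY_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".exe", ".scr", ".js",
                    ".vbs", ".hta", ".lnk", ".iso"}


def _domain(header_value):
    """Lower-cased domain of the first address in a header, or None if absent."""
    _, addr = parseaddr(str(header_value or ""))
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def triage_message(raw_bytes):
    """Return a list of (code, detail) findings for one inbound message.

    Codes: return-path-mismatch, reply-to-mismatch, risky-attachment,
    double-extension. An empty list means nothing stood out.
    """
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []

    from_domain = _domain(msg.get("From"))
    return_path_domain = _domain(msg.get("Return-Path"))
    reply_to_domain = _domain(msg.get("Reply-To"))

    # The displayed From address is trivially forged; the envelope sender
    # (Return-Path) and any Reply-To are what bounces and replies really use.
    if from_domain and return_path_domain and from_domain != return_path_domain:
        findings.append(("return-path-mismatch",
                         f"From {from_domain} but Return-Path {return_path_domain}"))
    if from_domain and reply_to_domain and from_domain != reply_to_domain:
        findings.append(("reply-to-mismatch",
                         f"From {from_domain} but Reply-To {reply_to_domain}"))

    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        suffixes = PurePosixPath(name).suffixes
        if suffixes and suffixes[-1] in RISKY_EXTENSIONS:
            findings.append(("risky-attachment", name))
        # "invoice.pdf.exe" relies on the reader noticing only the first extension.
        if len(suffixes) > 1:
            findings.append(("double-extension", name))
    return findings


# Constructed sample: a "bank alert" whose envelope sender and Reply-To point
# elsewhere and which carries a macro-enabled workbook and a disguised executable.
SUSPICIOUS_MESSAGE = b"""Return-Path: <bounce@mailer-x.example>
From: "Acme Bank Alerts" <alerts@acmebank.example>
Reply-To: <support@acme-secure-login.example>
To: <employee@corp.example>
Subject: Your statement is ready
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please open the attached statement.
--b1
Content-Type: application/vnd.ms-excel.sheet.macroEnabled.12; name="statement.xlsm"
Content-Disposition: attachment; filename="statement.xlsm"
Content-Transfer-Encoding: base64

AAAA
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

# Constructed sample: consistent sender domains and a plain PDF attachment.
CLEAN_MESSAGE = b"""Return-Path: <alerts@acmebank.example>
From: "Acme Bank Alerts" <alerts@acmebank.example>
To: <employee@corp.example>
Subject: Your statement is ready
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: application/pdf; name="statement.pdf"
Content-Disposition: attachment; filename="statement.pdf"
Content-Transfer-Encoding: base64

JVBERi0=
--b2--
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_MESSAGE), ("clean", CLEAN_MESSAGE)):
        print(label, triage_message(raw) or "no findings")
```

A hit from this check is a reason to pick up the phone and confirm the file with the sender, not proof of an attack: mailing-list services and legitimate third-party senders also produce `Return-Path` mismatches, which is why the script reports findings rather than making a decision.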

Clearly technology-based crime is on the rise, with no signs of abating any time soon. Companies and individuals need to be aware of potential threats and put mechanisms in place to protect themselves and their organizations.

At AVAware, it is standard practice never to send software via email messages and only to distribute it through a secure server. Users are cautioned not to reveal confidential information such as passwords to anyone, even someone claiming to be from an organization you are familiar with.

We welcome any questions, comments or suggestions about any topic mentioned in this edition of AVAwire. Please visit our website for more information, or contact us directly at (416) 239-9099.