Don’t become a victim of ransomware attacks!
By: Bertrand Milot
Original, as it appears on FacteurH – http://facteurh.com
As one of my colleagues often says, “You’re a target, don’t be a victim!” I like this statement a lot because it implies and conveys the notion that it’s not a matter of “if I will get hacked” but “when”. In risk management, they say, “We have never been so close to the next incident as now.” The question should be, “When will this happen to me?” So, is that the right question? No… If we know that an incident will eventually occur, the right question would be, “Am I prepared for such an incident?”
That’s a question that should have been asked by over 200,000 victims of the “Wannacry” ransomware attack on computers and servers in 150 countries around the world in only a few days, according to the latest Europol statistics.
Ransomware, you knew the viruses! Today these “new” computer threats are literally easy money for computer hackers. One of them, called “Cryptowall”, alone generated income of over USD $325 million in bitcoins (a virtual, untraceable currency based on the technological principle of the blockchain), with an exchange rate that has literally exploded from CAD $600 a few months ago to over CAD $2,000 in the last few days. (https://www.msn.com/fr-ca/actualites/other/le-cours-du-bitcoin-senvole/ar-BBBsmUZ).
It’s easy money for criminals and a motherlode that is easy to exploit. F-Secure, a security software company, shows us a beautiful representation of the very exponential evolution of ransomware over the past seven years: https://newsfromthelab.files.wordpress.com/2017/04/ransomware-timeline-2010-2017.png. Briefly, for those who are not familiar with it, ransomware, once it’s installed in your machine, is software that locks your files and demands a considerable ransom (USD $30–$1,200 per group of corrupted files) in exchange for a decryption key that supposedly gives you access to your files again. Why “supposedly”? Because, unfortunately, some ransomware that is still in the beta, or test, version does not run very well and becomes amnesic, taking away all hope of ever seeing your files intact in their initial state again. The other problem is that we can be certain that the software only makes the files unreadable. Without necessarily becoming totally paranoid, if these computer infections mutate several times (see the F-Secure graph above), if the intention is to harm, and if this same infection is capable of modifying your files and creating others, then the possibilities become manifold. Has data, an identity or a password been stolen (e.g. Angler Exploit Kit). Has there been a data leak? Has the machine been taken over completely?
Can we really be at so much risk and at the mercy of such phenomena? Yes. Universities, manufacturers, government authorities, banks, telecom operators, hospitals… In short, all industries are affected. Wannacry forced hospitals to transfer patients to other medical centres as a precautionary measure during the famous weekend of May 13, 2017. French car manufacturer Renault-Nissan was obliged to shut down some production lines. All this as hundreds of thousands of everyday people—victims—were being affected. Some ransomware even showed a sadistic streak: “PopCornTime Ransomware” suggests that you infect the computers of acquaintances rather than pay the ransom; “Rensenware” suggests that you play for the best score. Others urge you to pay within the allotted time or the ransom will be doubled, or worse: in the case of “JigsawRansomware”, your files will be deleted. Some ransomware can even infect your smartphone.
In short, we must not become the weak links in our organizations, families, or neighbouring cyber community. There are solutions, such as backing up your data and encrypting it with 7zip, WinZip or VeraCrypt using a password; not being the administrator of your own computer (using the administrator account only if you need it to install software, for example); not clicking on links in unexpected emails; not browsing or searching illegal or illegitimate content on the Internet; keeping your computer and all software current (especially internet browsers and their extensions); installing anti-malware such as Malwarebytes and an MBR tool such as MBRFilter from Cisco-Talos; always downloading software from a reliable source (from the official site of the software builder); and removing obsolete systems and applications (no longer using any security updates from the builder). Security software suppliers such as Kaspersky and TrendMicro also offer anti-ransomware solutions. You can also call on “NoMoreRansom” if you are, unfortunately, infected.
As for the rest, call an expert, not the friend of a distant cousin of your brother-in-law “who knows something about computers”.