The Washington Post reports “Massive cyberattack hits Europe with widespread ransom demands.” Updates from The New York Times indicate that this new attack has even spread to businesses in the United States.

Barely six weeks have elapsed since May’s WannaCry ransomware attack, which crippled more than 300,000 computers around the world. It is clear cyber-criminals are increasing their efforts to obtain cash. What we are witnessing now is merely a prelude to even more, possibly terrifying, attacks.

As you know, ransomware is malicious software that takes over the files on your computer by encrypting them and then posting a message telling you that if you want your files back, you’ll have to pay money (ransom) to the cyber-criminals who performed the deed.

The major form of currency for payment is Bitcoin, a block-chain mechanism for payment that provides complete invisibility for the cyber-criminal. It is both currency and a monetary system. Back in January 2017, one bitcoin averaged round $900. Throughout May, when the last ransomware attack took place, prices doubled to roughly $1,800. In mid-June, for reasons that are still unknown, the price skyrocketed to $3,000. And, as of this writing (June 27, 2017), the price is down to $2,374.

What accounts for the price changes? Bitcoin is considered a commodity, and the fact that there are a fixed number of coins available, causes speculators to “bid” and “ask” on the amounts just like stocks.

As for the causes for the recent spate of attacks? A group called the “Shadow Brokers” exposed hundreds of NSA hacking tools earlier this year. Software, with names like “Double Pulsar” and “Eternal Blue,” ended up in the public domain. Once out in the open it became quite clear to cyber-criminals that anyone who could download that code, build out a distribution method, and set up a bitcoin account would be in business rather quickly.

What the perpetuators of WannaCry found out — all too quickly — was that they needed a better back-end support system of “help desk” operators to explain to people how to obtain bitcoins and how to provide payment. In the end, one researcher found a controlling website name, purchased it, and effectively turned off the ability of the malware to “phone home.” As a result, files were not encrypted and the bit-coins did not reach the cyber-crooks. The lack of adequate planning “cost” them hundreds of thousands of dollars.

The majority of computers that were affected in May were running Windows XP, an older operating system that Microsoft stopped supporting in 2014. Yet there were also thousands of Windows 7 computers that didn’t have the April 2017 Microsoft monthly update installed.

There’s the 1999 film quote: “The first rule of Fight Club is: You do not talk about Fight Club.” Well, the first rule of running Windows is: You really have to install your Microsoft updates.

So why, if businesses know these horrifying threats exist, don’t they update their computers? I don’t have an answer for that, because not patching computers doesn’t make any business sense. You can say you don’t have the time or the manpower, but those are not valid excuses. Because the reality is this: if you want to continue to use your computers while these scourges exist, you should invest in an automated means of patching them!

What else should you be doing?

You should be verifying your backups and check that they have all of your data. If one of your computers gets hit, you must have the ability to restore those encrypted files. If you don’t take backups now, then add that to your list of things to do.

Finally, you need to upgrade your security tools. If you only use an anti-virus product that scans for known virus signatures, you are not adequately protected from these zero-day threats. You must have a modern, enterprise-grade, Internet Security product along with malware protection.

What is a small business or individual supposed to do if they get hit with ransomware? For one thing, they should contact the FBI and the local authorities. In 2000, the FBI established the Internet Crime Complaint Center (IC3) at htttp://www.ic3.gov where you can fill out an online form to file your complaint.

In the recently released 2016 Internet Crime Report, the FBI reports the IC3 received:

  • 2,673 complaints identified as ransomware with losses of over $2.4 million.
  • 10,850 tech support fraud complaints with losses in excess of $7.8 million.

Wait; what’s that? Last year, the FBI received four times as many reports of fake “tech support” complaints as they did for ransomware. And those cases cost small businesses and home users three times as much money!

This leads me to conclude that more people fall for the phony phone calls from “Microsoft” saying there are problems with their computers — but are willing to report and admit it — than they are about reporting being a victim of ransomware. Undoubtedly this is because the files that were encrypted were client-related and could cause substantial problems for their business and have ramifications in terms of bad press, privacy breach notifications, and possible law suits.

Where is all of this going to end up? I’m only certain of one thing. Cyber-criminals are going to continue to up the ante because they are going to go where the money is. Consider the bad actor parked across the street from a high-end automobile lot wirelessly loading malware into the electronic control units (ECU) of the cars waiting to be delivered. As security research firm FireEye reports, “a group of vehicles disabled on a busy highway could cause serious disruption. Municipal authorities may have little choice but to pay the ransom to reopen a busy commuting route.”

Every hardware component and computer that relies on software must be patched automatically, your Internet Security software must be enterprise-strength, and back-ups taken and inspected regularly. The threats already exist out there, and they are not going to go away any time soon.

In a recent article about ransomware and the affect it has on small businesses, the author states that “security experts say the first thing to do after a ransomware event is to upgrade security and backup processes.”

I had to read that twice before I realized how true it was and how erroneous the statement is.  If an IT consultant is taking these steps after the fact, then they have failed to adequately protect their client.  I cannot see working that way – it is backwards, last generation thinking.

You want to engage with an IT consultant who prepares an entire range of security measures for blocking the possibility of ransomware from affecting your small business in the first place.  Implementing heightened security and backup after the fact won’t cut it; security measures have to be implemented before a calamity occurs.

A new proverb in our industry states that “there’s at least one employee in the office that will click on anything.”  And because that is more often true than not, you need more than the standard list of preventative measures in place, which consist of:

  • Making sure you are running a robust security solution (Internet security, anti-virus, and anti-malware)
  • Keeping the operating system up-to-date
  • Avoiding the use of plug-ins (such as Java, Adobe Flash, and Silverlight) in your web browsers
  • Being careful with email attachments and links in emails from people you don’t know

While those steps are usually issued to help safeguard home users, a small business owner also needs to include the following elevated measures:

  • Employing an advanced Unified Threat Management device (firewall)
  • Enabling server and desktop back-up to a local device and the cloud

These additional factors should help obviate the statement made by the sources for the article’s author.

However, the most important step any security-conscious IT consultant must take is to ensure that appropriate employee education takes place on a regular basis.  This is because the ransomware threat landscape is constantly evolving. Cybercriminals have found a highly effective and lucrative approach to illegally making money.  As new forms of socially engineered threats appear, employees must be reminded and their awareness must be sharpened to distinguish between a valid email and a new phishing threat.

If you want this kind of training for your staff, contact me for further information.  Don’t be a victim to ransomware!