The Washington Post reports “Massive cyberattack hits Europe with widespread ransom demands.” Updates from The New York Times indicate that this new attack has even spread to businesses in the United States.
Barely six weeks have elapsed since May’s WannaCry ransomware attack, which crippled more than 300,000 computers around the world. It is clear cyber-criminals are increasing their efforts to obtain cash. What we are witnessing now is merely a prelude to even more, possibly terrifying, attacks.
As you know, ransomware is malicious software that takes over the files on your computer by encrypting them and then posting a message telling you that if you want your files back, you’ll have to pay money (ransom) to the cyber-criminals who performed the deed.
The major form of currency for payment is Bitcoin, a block-chain mechanism for payment that provides complete invisibility for the cyber-criminal. It is both currency and a monetary system. Back in January 2017, one bitcoin averaged round $900. Throughout May, when the last ransomware attack took place, prices doubled to roughly $1,800. In mid-June, for reasons that are still unknown, the price skyrocketed to $3,000. And, as of this writing (June 27, 2017), the price is down to $2,374.
What accounts for the price changes? Bitcoin is considered a commodity, and the fact that there are a fixed number of coins available, causes speculators to “bid” and “ask” on the amounts just like stocks.
As for the causes for the recent spate of attacks? A group called the “Shadow Brokers” exposed hundreds of NSA hacking tools earlier this year. Software, with names like “Double Pulsar” and “Eternal Blue,” ended up in the public domain. Once out in the open it became quite clear to cyber-criminals that anyone who could download that code, build out a distribution method, and set up a bitcoin account would be in business rather quickly.
What the perpetuators of WannaCry found out — all too quickly — was that they needed a better back-end support system of “help desk” operators to explain to people how to obtain bitcoins and how to provide payment. In the end, one researcher found a controlling website name, purchased it, and effectively turned off the ability of the malware to “phone home.” As a result, files were not encrypted and the bit-coins did not reach the cyber-crooks. The lack of adequate planning “cost” them hundreds of thousands of dollars.
The majority of computers that were affected in May were running Windows XP, an older operating system that Microsoft stopped supporting in 2014. Yet there were also thousands of Windows 7 computers that didn’t have the April 2017 Microsoft monthly update installed.
There’s the 1999 film quote: “The first rule of Fight Club is: You do not talk about Fight Club.” Well, the first rule of running Windows is: You really have to install your Microsoft updates.
So why, if businesses know these horrifying threats exist, don’t they update their computers? I don’t have an answer for that, because not patching computers doesn’t make any business sense. You can say you don’t have the time or the manpower, but those are not valid excuses. Because the reality is this: if you want to continue to use your computers while these scourges exist, you should invest in an automated means of patching them!
What else should you be doing?
You should be verifying your backups and check that they have all of your data. If one of your computers gets hit, you must have the ability to restore those encrypted files. If you don’t take backups now, then add that to your list of things to do.
Finally, you need to upgrade your security tools. If you only use an anti-virus product that scans for known virus signatures, you are not adequately protected from these zero-day threats. You must have a modern, enterprise-grade, Internet Security product along with malware protection.
What is a small business or individual supposed to do if they get hit with ransomware? For one thing, they should contact the FBI and the local authorities. In 2000, the FBI established the Internet Crime Complaint Center (IC3) at htttp://www.ic3.gov where you can fill out an online form to file your complaint.
In the recently released 2016 Internet Crime Report, the FBI reports the IC3 received:
- 2,673 complaints identified as ransomware with losses of over $2.4 million.
- 10,850 tech support fraud complaints with losses in excess of $7.8 million.
Wait; what’s that? Last year, the FBI received four times as many reports of fake “tech support” complaints as they did for ransomware. And those cases cost small businesses and home users three times as much money!
This leads me to conclude that more people fall for the phony phone calls from “Microsoft” saying there are problems with their computers — but are willing to report and admit it — than they are about reporting being a victim of ransomware. Undoubtedly this is because the files that were encrypted were client-related and could cause substantial problems for their business and have ramifications in terms of bad press, privacy breach notifications, and possible law suits.
Where is all of this going to end up? I’m only certain of one thing. Cyber-criminals are going to continue to up the ante because they are going to go where the money is. Consider the bad actor parked across the street from a high-end automobile lot wirelessly loading malware into the electronic control units (ECU) of the cars waiting to be delivered. As security research firm FireEye reports, “a group of vehicles disabled on a busy highway could cause serious disruption. Municipal authorities may have little choice but to pay the ransom to reopen a busy commuting route.”
Every hardware component and computer that relies on software must be patched automatically, your Internet Security software must be enterprise-strength, and back-ups taken and inspected regularly. The threats already exist out there, and they are not going to go away any time soon.