{"id":248,"date":"2017-06-28T16:33:10","date_gmt":"2017-06-28T20:33:10","guid":{"rendered":"http:\/\/www.heliotropicsystems.com\/blog\/?p=248"},"modified":"2017-06-28T16:33:49","modified_gmt":"2017-06-28T20:33:49","slug":"248","status":"publish","type":"post","link":"https:\/\/www.heliotropicsystems.com\/blog\/index.php\/248\/","title":{"rendered":"Cyber Security and Ransomware"},"content":{"rendered":"<p>The Washington Post reports <i>&#8220;Massive cyberattack hits Europe with widespread ransom demands.&#8221;<\/i> Updates from The New York Times indicate that this new attack has even spread to businesses in the United States.<\/p>\n<p>Barely six weeks have elapsed since May\u2019s WannaCry ransomware attack, which crippled more than 300,000 computers around the world. It is clear cyber-criminals are increasing their efforts to obtain cash. What we are witnessing now is merely a prelude to even more, possibly terrifying, attacks.<\/p>\n<p>As you know, ransomware is malicious software that takes over the files on your computer by encrypting them and then posting a message telling you that if you want your files back, you\u2019ll have to pay money (ransom) to the cyber-criminals who performed the deed.<\/p>\n<p>The major form of currency for payment is Bitcoin, a block-chain mechanism for payment that provides complete invisibility for the cyber-criminal. It is both currency and a monetary system. Back in January 2017, one bitcoin averaged around $900. Throughout May, when the last ransomware attack took place, prices doubled to roughly $1,800. In mid-June, for reasons that are still unknown, the price skyrocketed to $3,000. And, as of this writing (June 27, 2017), the price is down to $2,374.<\/p>\n<p>What accounts for the price changes? 
Bitcoin is considered a commodity, and the fact that there is a fixed number of coins available causes speculators to \u201cbid\u201d and \u201cask\u201d on the amounts just like stocks.<\/p>\n<p>As for the causes for the recent spate of attacks? A group called the \u201cShadow Brokers\u201d exposed hundreds of NSA hacking tools earlier this year. Software, with names like \u201cDouble Pulsar\u201d and \u201cEternal Blue,\u201d ended up in the public domain. Once out in the open it became quite clear to cyber-criminals that anyone who could download that code, build out a distribution method, and set up a bitcoin account would be in business rather quickly.<\/p>\n<p>What the perpetrators of WannaCry found out \u2014 all too quickly \u2014 was that they needed a better back-end support system of \u201chelp desk\u201d operators to explain to people how to obtain bitcoins and how to provide payment. In the end, one researcher found a controlling website name, purchased it, and effectively turned off the ability of the malware to \u201cphone home.\u201d As a result, files were not encrypted and the bitcoins did not reach the cyber-crooks. The lack of adequate planning \u201ccost\u201d them hundreds of thousands of dollars.<\/p>\n<p>The majority of computers that were affected in May were running Windows XP, an older operating system that Microsoft stopped supporting in 2014. Yet there were also thousands of Windows 7 computers that didn\u2019t have the April 2017 Microsoft monthly update installed.<\/p>\n<p>There\u2019s the 1999 film quote: \u201cThe first rule of Fight Club is: You do not talk about Fight Club.\u201d Well, the first rule of running Windows is: You really have to install your Microsoft updates.<\/p>\n<p>So why, if businesses know these horrifying threats exist, don\u2019t they update their computers? I don\u2019t have an answer for that, because not patching computers doesn\u2019t make any business sense. 
You can say you don\u2019t have the time or the manpower, but those are <b>not<\/b> valid excuses. Because the reality is this: if you want to continue to use your computers while these scourges exist, you should invest in an automated means of patching them!<\/p>\n<p>What else should you be doing?<\/p>\n<p>You should be verifying your backups and checking that they contain all of your data. If one of your computers gets hit, you must have the ability to restore those encrypted files. If you don\u2019t take backups now, then add that to your list of things to do.<\/p>\n<p>Finally, you need to upgrade your security tools. If you only use an anti-virus product that scans for known virus signatures, you are <b><i>not<\/i><\/b> adequately protected from these zero-day threats. You must have a modern, enterprise-grade, Internet Security product along with malware protection.<\/p>\n<p>What is a small business or individual supposed to do if they get hit with ransomware? For one thing, they should contact the FBI and the local authorities. In 2000, the FBI established the Internet Crime Complaint Center (IC3) at http:\/\/www.ic3.gov where you can fill out an online form to file your complaint.<\/p>\n<p>In the recently released 2016 Internet Crime Report, the FBI reports the IC3 received:<\/p>\n<ul>\n<li>2,673 complaints identified as ransomware with losses of over $2.4 million.<\/li>\n<li>10,850 tech support fraud complaints with losses in excess of $7.8 million.<\/li>\n<\/ul>\n<p>Wait; what\u2019s that? Last year, the FBI received <b>four times<\/b> as many reports of fake \u201ctech support\u201d complaints as they did for ransomware. 
And those cases cost small businesses and home users <b>three times<\/b> as much money!<\/p>\n<p>This leads me to conclude that more people fall for the phony phone calls from \u201cMicrosoft\u201d saying there are problems with their computers \u2014 but are willing to report and admit it \u2014 than they are about reporting being a victim of ransomware. Undoubtedly this is because the files that were encrypted were client-related and could cause substantial problems for their business and have ramifications in terms of bad press, privacy breach notifications, and possible lawsuits.<\/p>\n<p>Where is all of this going to end up? I\u2019m only certain of one thing. Cyber-criminals are going to continue to up the ante because they are going to go where the money is. Consider the bad actor parked across the street from a high-end automobile lot wirelessly loading malware into the electronic control units (ECU) of the cars waiting to be delivered. As security research firm FireEye reports, \u201ca group of vehicles disabled on a busy highway could cause serious disruption. Municipal authorities may have little choice but to pay the ransom to reopen a busy commuting route.\u201d<\/p>\n<p>Every hardware component and computer that relies on software must be patched automatically, your Internet Security software must be enterprise-strength, and back-ups must be taken and inspected regularly. The threats already exist out there, and they are not going to go away any time soon.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Washington Post reports &#8220;Massive cyberattack hits Europe with widespread ransom demands.&#8221; Updates from The New York Times indicate that this new attack has even spread to businesses in the United States. Barely six weeks have elapsed since May\u2019s WannaCry ransomware attack, which crippled more than 300,000 computers around the world. 
It is clear cyber-criminals <span class=\"ellipsis\">&hellip;<\/span> <span class=\"more-link-wrap\"><a href=\"https:\/\/www.heliotropicsystems.com\/blog\/index.php\/248\/\" class=\"more-link\"><span>Read More &rarr;<\/span><\/a><\/span><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[43,40],"tags":[],"class_list":["post-248","post","type-post","status-publish","format-standard","hentry","category-ransomware","category-security"],"_links":{"self":[{"href":"https:\/\/www.heliotropicsystems.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/248","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.heliotropicsystems.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.heliotropicsystems.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.heliotropicsystems.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.heliotropicsystems.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=248"}],"version-history":[{"count":2,"href":"https:\/\/www.heliotropicsystems.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/248\/revisions"}],"predecessor-version":[{"id":250,"href":"https:\/\/www.heliotropicsystems.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/248\/revisions\/250"}],"wp:attachment":[{"href":"https:\/\/www.heliotropicsystems.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=248"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.heliotropicsystems.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=248"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.heliotropicsystems.com\/blog\/index.php\/wp-json\/w
p\/v2\/tags?post=248"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}