Ransomware and Rip Van Winkle: Don’t Ever, Ever Sleep Again

This can't be right

Security Awareness Week: June 5-9, 2017

By Rodney Nelsestuen, Chief Information Officer

We all know the story of Rip Van Winkle who slept for 20 years and woke to find he’d missed the Revolutionary War and that society had changed dramatically. Today, poor Rip would find that a mere 20-minute nap may be enough to put him out of touch – especially when it comes to security.

This was driven home by the recent global attack of ransomware (aptly named Wannacry) that put hospitals, governments, and businesses on the defensive and interrupted the normal course of business on some estimated 250,000 computers in 150 countries, including the US. This event was one of the first to have a large-scale global reach and one which cost those who were attacked an estimated $3 billion dollars. Moreover, the success of Wannacry and its scale will most certainly result in a massive expansion of the ransomware “business.”

You may wonder why ransomware is suddenly so popular as compared to other types of hacking. Here are three reasons:

The attacker need do nothing and still gets paid.

Ransomware either encrypts files on a computer or blocks access to the files. These programs used to be delivered exclusively in emails as an attachment that a victim would open. While that delivery method is still in use, the more pernicious versions simply roam the internet and when they find an unprotected network or computer, will launch the attack without human intervention.

Stealing personal information and credit card data is still popular, but imagine how much work it is to steal, store, organize, and then find a buyer for that data. In short, the old fashioned methods of theft are a lot of work compared to a ransomware attack that threatens to delete all data on a computer unless the victim pays for the release. Attackers simply sit back and wait for the victim to pay.

Want to go into business? Try ransomware as a service.

Don’t know anything about computers or hacking? No need to worry. You can contract with a hacker and outsource your criminal activity. Organizations offering ransomware services are beginning to take root and will encourage bad actors of all types to try their hand at it.

After all, what do they have to lose? The outsourced service provider does all the work and gets paid a cut of the take, and you merely await your share as the business owner.

If one door is locked, just try another.

The interconnectivity of the internet and businesses across the globe makes it much easier for a ransomware attack to succeed. Can’t get into a corporate network? Try the company’s version of webmail, which can be accessed from any computer in the world. Can’t get a user to click on a link? Then use in-memory malware to deliver the payload. Find it hard to scale your crime? Then hack cloud services and launch attacks against thousands of high value targets at once. In short, ransomware has multiple attack vectors.

So what can I do to protect my business?

There are long-standing processes and tools that companies need as a foundation to stopping ransomware. While the list of approaches is long, let’s focus on three items that will reduce the risk of being hacked or a victim of ransomware:

  1. Whether you run your own technology or outsource it, be sure you know what protections and processes you have in place. Anti-virus software, firewalls, and intrusion detection software with expert alerts, and patching systems and applications are regularly among these basics.More importantly, make sure your security tools are on the most current versions. This may mean having updates almost continuously at times as risk conditions can change dynamically. It’s good to look into new technologies as new threats arise, but remember that the tools you do have may be the best there are if kept up to date.
  2. Layer security across your business. No one single solution will protect you from every attack. Whether physical locks on doors, increasing the sophistication of passwords, using out of band authentication, or segmenting your network with additional firewalls, consider using a layered approach to make it more difficult for bad actors to get through to your valued information. This includes using the security and authentication steps offered by your bank. Most banks will provide tools that allow the business to verify financial transactions before they occur. Unfortunately, too many businesses fail to adopt these solutions and processes.
  3. Train your staff on proper use of the connected world we live in – and keep security awareness in the forefront of employees’ minds. The human threat is twofold: first, people make mistakes and as humans, we always will.Second, there has been a growing threat from insiders who are ‘groomed’ by bad actors to ultimately take part in a crime. While this is an unpleasant topic, it’s something every business owner or manager needs to consider today.

One final thought. It would pay most businesses to be connected to an organization that monitors the global threat environment and can keep the business up to date on emerging threats. This external information can then be aligned with your internal IT steps and actions. There are several such organizations and many have very reasonable fees.

The security issues faced by businesses will only be more challenging in the future. Staying up to date on security technology, being vigilant on how users interact with your systems, and having an eye to the emerging threats as they grow are all smart and necessary steps for any business today.

While there are no sure-fire solutions to risk, by taking a multi-faceted approach you’re in the know about the threat environment, and you’ll feel better that you’re managing it in a sound manner. Then you’ll be able to sleep peacefully even with one eye open so as not to miss, as Rip Van Winkle did, the important things in life such as the birth of a nation.