As 2019 begins its routines of changes, new introductions, and familiar faces, the tech world continues to evaluate cyber security. Although more people are aware of cyber threats because of how public and high-profile certain exploits have become, there is always a chance of a new type of exploit and a new set of victims. Ransomware was still a big topic in 2018, and 2019 is a chance to harden systems. The types of people who should worry about ransomware have shifted, but the threat is still there. Here are a few ransomware details to understand the threat, the groups dealing with the most risk, and ways to protect your systems.
Use E-mail? You Should Worry About Ransomware in 2019
Ransomware is a type of malicious software or malware designed to lock down your files in exchange for payment. The attack works by infiltrating your system, then encrypting (scrambling) your files. After encryption, files can only be unlocked and properly used with a key. The encryption technology is legitimate and used across the tech world, but also used by hackers skilled in infiltration. The concept of ransomware infecting systems isn’t new. There are always new ways to trick users into downloading files and launching them. One of the most dangerous ransomware events utilized exploits in Windows, which still has a considerable operating system market share. The weakness allowing the original exploit was fixed with a patch. Unfortunately, there are other ways to be infected with a ransomware threat.
The core part of ransomware is the fact that it locks down files and asks for money. Ransomware is the payload, and any method of delivering that payload is valid. Ransomware can be installed by downloading a legitimate file and executing a series of commands. Since viruses are nothing new, most modern systems can block programs from accessing deep, sensitive files—even if you’re the admin! The difference between ransomware and other viruses that seek to control your system is that ransomware hackers want your system to still work. Worms and programs designed to utterly destroy the system are useless to ransomware criminals. If your system isn’t working, you can’t see the ransomware’s damage and you can’t see the instructions. With no instructions, you won’t know where to pay. It’s still terrible for you, but ransomware systems are designed to keep the core system functional.
No Operating System is Spared
Virus attacks are all about popularity, especially when money is involved. Although many hackers just like learning about systems and reaching greater achievements, most threats today are about money. If your Operating System (OS) has the biggest market share, you’re a target and one of the many who should worry about ransomware. This runs counter to what certain OS customers may think about their brand. Especially with Apple’s macOS and iOS, the idea that Mac systems were “unhackable” is based on past luck. True safety came from being newer, different from the popular Windows systems, and with fewer potential victims. Mac-specific ransomware such as Panther was loaded onto illegal downloads of popular programs such as Adobe Premiere CC. If you’ve ever picked up a “cheap” or “free” copy from a friend, there’s a chance you’re at risk.
If you knowingly pirate software at all, ransomware and all other virus threats are just part of the risk, making you one of the many who should worry about ransomware as well. Another ransomware system called KeRanger was spread around in a similar fashion. Another dangerous and alarming ransomware event on Mac was the official HandBrake program being infected with remote control exploits. This official, but infected software was spread around to customers across the world. These are some of the ways that many Windows users are infected by ransomware as well. Windows users suffer a higher infection risk from vectors (attack methods/angles) such as clickable advertisements designed for Windows. As people shift to iPhones and Android devices, hackers adjust their attention and talents accordingly. It’s all about whether it’s worth a hacker’s time.
Making Constant Updates to Your OS or Software? Watch Out
One of the most devastating ransomware cases—the WannaCry or Wcry threat—was spread through email phishing and an exploit from the pre-ransomware technique called EternalBlue. EternalBlue worked by exploiting a system called Microsoft Server Message Block 1.0 or SMB. SMB is a network sharing technique or protocol. This protocol gives systems permission to read and write files. Normally, a program would use SMB to read and write information across the network just like computers do internally. Hackers can use this to load files remotely without triggering certain security details. While the technology can get a bit deep, this underlines why hackers do what they do. It’s dangerous and expensive, but it’s an interesting way to sneak into a system. Computers are massive piles of files, and there’s bound to be a way around some stack of code. If you’re good at tech, you can find these exploits. Unfortunately, people with these skills use their findings to make money by wreaking havoc. Next, a lower tier of tech-savvy people can copy the techniques and start their own attacks. The exploit was patched, but the patch has to be downloaded. Many people do not update their computers for various reasons, which leads to continued exploits.
Do you have updates turned off? Do you know why they’re turned off? Can you get to a reliable internet connection? Unless you have a valid reason, such as being on a limited internet connection, perform system updates immediately. There are select groups who do not update their systems for good reason. Certain businesses and government organizations need to test every update for compatibility. The military, for example, can’t simply trust Microsoft or Apple to not spy or not be infiltrated. People who pirate or steal copies of their operating systems often can’t update. They need to download a piracy-compatible update; for most pirated copies, updating will invalidate their system and lock it down. Some businesses are tempted to copy the military or other businesses with certain security practices. If you’re not a multinational, multi-million-dollar business, you can’t afford their controls. A dedicated security professional with programming and networking experience is needed to make not updating worth it. More importantly, you need to be an actual target of advanced espionage. That’s just not realistic for companies that aren’t at least Fortune 500 businesses. It’s not about dressing for the job you want or practicing for the big leagues. Instead of picking your own tech security, ask a professional for a properly-sized option.
Those Back-Ups Are One of the Most at Risk
The best defense against ransomware is proper updates, proper security systems, and proper backup schedules. With a good backup system, you can store multiple days of saved information. The standard backup process involves copying all of your company’s data, then storing it somewhere safe. Backups need to be tested at least quarterly. Backing up files is more advanced than just copying and pasting information, and a backup can be corrupted. Because of corruption, you may need to write another backup and test for failure before danger strikes.
Standard backup schedules often follow this theme:
- Monthly. One large, full backup of every file in your business once per month. This is best done after hours.
- Weekly. One large, full backup again. This backup happens weekly.
- Daily. The weekly backup, but edited with changes and copied daily.
In this schedule, you have 9 backups of your business. The last 7 are the same files, but marked with specific days and with much smaller differences. Backups are a hard lesson to learn for too many businesses. Don’t wait until your first ransomware file loss to set up a plan. If you wish to learn more or want to discuss system hardening and backup planning, feel free to contact us so we can talk more about what type of security measures will work best for your business.