Once, not so long ago, the threat of holding someone, or something, for ransom was largely limited to plot lines of mystery novels or happened only to the progeny of the really rich and famous. Today, as anyone with a computer or mobile device can plainly tell you (that’s more than 5.8 billion of us), the “kidnapping” of data is a reality we all face on a daily basis.
A Short History Lesson on Ransomware
While last month’s WannaCry ransomware outbreak is another reminder of the epic proportions of this threat, Ransomware is nothing new—it’s been around since the early days of personal computing. It’s gone through many iterations, starting in 1989 as a Trojan that was distributed via infected disks at the World Health Organization’s International AIDS Conference. The virus used symmetric cryptography to encrypt the affected computers’ C drive files, but it turned out that decrypting the infected files was relatively simple to do.
The threat lost steam for a while until 2005. The next iterations were frightening, yet simple-to-fix screen-locking variants, which typically displayed threatening messages that blocked access to the user’s files and folders. The most significant player was Reveton, which posed as a member of a local law enforcement agency or the FBI informing the user that he or she was guilty of “X” and had to pay a hefty fine within the specified time frame. Otherwise, they would no longer be able to access their files.
These early variants had two fatal flaws that made their bark far worse than their bite; they could be easily unlocked with the proper tools and they lacked a reliable way to way to process and collect the ransom fee.
In 2013, all that changed. With the rise of BitCoin and the use of strong public asymmetric key encryption, attackers had all they needed to create truly devastating attacks. Right around this time, experts began to speculate that ransomware might actually have the firepower to become one of the gravest threats to our data.
CryptoLocker, the granddaddy of encrypting ransomware, was the first variant to employ this deadly combo of encryption and payment by BitCoin. That threat, spread via infected email attachments and websites, required the victim to pay up or permanently lose access to files. Persuasive enough, the creators walked away with $27 million. The variations we battle today pay homage to CryptoLocker, its nasty cousin Cryptowall, and other early encrypting variants for the destruction they caused.
A New Threat: File-Deleting Ransomware
The ransomware model remained largely unchanged for the next few years. Though new and unsettling variations surfaced with small changes such as heightened encryption levels and more stealthy delivery methods, all attacks relied on the “Infect → Encrypt → Pay up → Unlock” method. Towards the end of 2015 though, ransomware got another upgrade, making it all the more potent; hackers incorporated file deletion into their attack methods.
The ultra-creepy Jigsaw variant, using an image of the evil puppet from the horror flick Saw, didn’t just encrypt files; if the user didn’t pay up within the hour, his or her files would be deleted. Creators destroyed the files of victims who didn’t pay up, but a flaw in the payment method allowed researchers to create a decrypt tool early on.
WannaCry: A Preventable Crisis
And now back to WannaCry. As the world awoke on Friday, May 12, 2017 and turned on their computers, 230,000 PC users across 150 countries saw the same message: “Oops! Your files have been encrypted.” The text then informed victims that to retrieve their files, they would have to pay the decrypt fee or their files would be permanently deleted after six days.
The attack infiltrated the UK’s National Health Service, hitting internet-connected surgical equipment, blood storage facilities, and computers. Also affected were Nissan and Renault Motors, LATAM Airlines, FedEx, regional law enforcement agencies, government agencies, numerous universities, metro systems, and others. The scope and speed of the attack were truly unprecedented—and it all could have been prevented had proper measures been in place.
Beating Ransomware: Creating a System of Patching and Disaster Recovery
There are two key elements your organization needs to beat WannaCry and other villains in the ransomware epidemic: You must be proactive in patching your OS and ensuring that you have a complete disaster recovery and backup plan.
Patching: Operating systems that don’t have the proper patches applied are wide open targets for exploits of all kinds, ransomware or otherwise. The unlucky recipients of WannaCry were either enterprises or home users running the depreciated Windows XP or Windows 7 who had not applied the necessary security patches issued by Microsoft. Organizations must be proactive in testing and rolling out patches to remain ahead of vulnerabilities.
Backup and Disaster Recovery: Ensuring that your organization has a cloud backup and cloud disaster recovery plan in place before ransomware hits are the only foolproof ways to keep control of your data without giving in to demands. Backup and disaster recovery also protect your organization from a host of other disaster scenarios, making it a smart investment across the board. Cloud Protection Manager provides Enterprise customers with flexible recovery as well as cross account backup which is essential in protecting against ransomware.
WannaCry isn’t the end of ransomware; far from it. Rest assured that as long as there are Internet-connected devices, there will be criminals looking to exploit whatever they can. Organizations must understand that the key to beating ransomware lies in creating a solid patching and recovery plan—before the next big one hits.