Held to Ransomware

May 17, 2017 Stacey Corrin

Exploring the ransomware attack using WannaCry

Last Friday saw a worldwide ransomware attack. One of the few things we know for certain is that there will be other such attacks in the future; how can you make sure you are not a victim?

If you have gone online over the last few days then you will know that more than 230,000 computers in over 150 countries were hit by a ransomware attack last Friday. If you have not been able to go online since last Friday then the chances are that you have decided not to pay the ransom…

The attack came from the WannaCry computer worm, which targets the Microsoft Windows operating system: it encrypts data and demands a ‘ransom’ in the virtual Bitcoin currency.

Despite the newspaper headlines about the NHS ‘grinding to a halt’ and ‘doctors forced to rely on pens and paper’, the UK was far from the worst-hit country. Russia, Ukraine, India and Taiwan were reported to have been particularly badly affected by the attack.

Who was responsible for the ransomware attack?

So who was behind the recent ransomware attack? According to a recent article on the Bloomberg website, many experts are now pointing the finger at North Korea. The attack bore the hallmarks of previous attacks that have originated in North Korea, with Simon Choi, a director of a South Korean virus software company, pointing out that the country has been mining bitcoins using malicious computer programmes since 2013.

In last week’s attacks, the hackers demanded payment in bitcoins – not something the NHS keeps in petty cash – before victims could regain access to their encrypted computers.

Researchers at Symantec and Kaspersky Lab also supported Choi’s view of a possible link between the ‘WannaCry’ ransomware attack and hackers linked to North Korea.

What damage does ransomware do?

Ransomware attacks are increasing rapidly: it is estimated that there were up to 6 million in the final quarter of 2015, with the attacks coming in many forms – e-mails, internet downloads or PDFs. Just one click can lead to your computer being affected, which, as we saw on Friday, could mean:

  • Temporary or permanent data loss
  • Loss of access to your systems
  • Harm to your personal or company’s reputation
  • And, of course, financial loss – whether that is through lost data, lost business or simply coughing up and paying the ransom.

What can you do to prevent it happening?

In many ways it is tempting to say that the advice your Granny gave you is the best advice: if something in an e-mail seems too good to be true, it is too good to be true. After all, why should a West African head of state choose you to share his wealth? But we have moved on from those very early e-mails: attachments, links and PDFs can look far more believable. Security experts are now recommending some basic steps which everyone can take:

  • Keep your anti-virus software up to date. Don’t sigh and think, “Not again, I’ll do it tomorrow.”
  • And if your anti-virus software does give you a warning, act on it immediately: if you are in a large organisation, report it to the IT department.
  • Make sure your critical files are backed up – preferably off-site. Files which are stored elsewhere on your system or network are still vulnerable
  • Beware of pop-ups that ask for account information, or that ask you to install something
  • Bookmark your favourites – hackers will often create pages with names very close to popular sites: save the sites you visit most often to avoid mis-spelling a frequently visited site and ending up somewhere you really shouldn’t
  • And stay away from the darker side of the internet: hackers know that people are far less likely to report – and act upon – a threat if it has come from a site they should not have been visiting, especially in work time.

The scale of financial fraud

When you add a ransomware attack to the well-established internet ‘phishing’ epidemic it is not surprising that Financial Fraud Action (FFA) – an organisation funded by the banks and payment card firms – reports that a financial scam was committed every 15 seconds in the first half of 2016, a 53% increase on the same period in the previous year. This is not all online fraud – apparently good, old-fashioned cheque card scams are still alive and well – but clearly the majority is online and, as fraudsters become more sophisticated, the numbers are only going to increase.

Just opening my e-mail this morning I’ve been offered a £500 gift card – ‘Just picking up on a conversation you had with my college.’ Two companies have told me that ‘there is £1,438 in your account that we need you to send us bank account details.’ And of course, for no apparent reason yet another very attractive young lady wearing not much at all wants to be my friend on Facebook.

That is since I turned my computer on this morning. Multiply that by the rest of the working day, by the number of people working and some of those attempts are bound to be successful. Maybe the surprise is that the NHS computer system isn’t hacked every day.

Taking basic precautions

The FFA – working with the police – has now come up with the ‘Take Five’ campaign, aimed at ensuring ‘busy lives do not mean easy targets.’ The idea is simply to pause and think before you respond to any request for information – and the advice applies as much to individual and corporate ransomware as it does to financial fraud. So as you ‘take five’ before you respond to that very welcome e-mail telling you that you have forgotten to claim your £1,000 gift card, what questions should you ask yourself:

  • Do I know the sender of this e-mail?
  • Does it make sense that the e-mail was sent to me?
  • Does the sender’s e-mail address match the domain of the organisation it claims to come from? E.g. if you receive an e-mail from PayPal – is the sender address XXX@paypal.com or is it from hitmespalso@peypalseli.com (which I recently received)? Note: you often need to hover over the sender address to see the ‘real’ sender address.
  • Can I verify that the attached PDF or link is safe?
  • Does the e-mail make a threat? Is it, for example, threatening to cancel my credit cards or close my bank account?
  • Is there anything ‘off’ about the e-mail? Are there basic mistakes in punctuation, grammar, content or phrasing?
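
The sender-address question above can be checked mechanically at a mail gateway or in a reporting tool. The following is an added example, not part of the original article: it compares the domain in a From header against the domains a brand really uses and flags near-miss spellings such as the peypalseli.com address quoted above. The `KNOWN_SENDERS` table, the function names and the one-edit threshold are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: brands you deal with and the domains they really send from.
KNOWN_SENDERS = {"paypal": {"paypal.com"}}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def resembles(brand: str, domain: str) -> bool:
    """True if any domain label contains a run within one edit of the brand."""
    n = len(brand)
    for label in domain.split("."):
        for start in range(max(1, len(label) - n + 1)):
            if edit_distance(brand, label[start:start + n]) <= 1:
                return True
    return False


def check_sender(from_header: str) -> str:
    """Classify a From header: match, lookalike, display-mismatch or unrelated."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    # 1. Exact domain or a genuine subdomain of a known sender.
    for domains in KNOWN_SENDERS.values():
        if any(domain == d or domain.endswith("." + d) for d in domains):
            return "match"
    # 2. Not the real domain, but spelled to look like it.
    for brand in KNOWN_SENDERS:
        if resembles(brand, domain):
            return "lookalike"
    # 3. Brand appears only in the friendly name shown by the mail client.
    if any(brand in display.lower() for brand in KNOWN_SENDERS):
        return "display-mismatch"
    return "unrelated"
```

A "lookalike" or "display-mismatch" result is a reason to quarantine or report the message, not proof of fraud; short brand names will produce more false positives with this threshold.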

Doing that might not make you 100% secure. We do get tired, we do get distracted and, sometimes, we all click on things we should not click on. But a few simple precautions can go a long way: sadly we are never going to return to the days when burglars and bank robbers wore masks, stripy jumpers and carried a sack conveniently labelled ‘swag…’
