Modern ransomware attacks are pulverising more systems across the world than any other computer virus or malware in history.
Thanks to their sophistication, ransomware attacks are now a cyber criminal’s favourite tools to earn some money while remaining anonymous.They will continue in the future until all computers and other devices are updated to their latest versions and their inherent vulnerabilities are taken care of.
What is Ransomware?
A ransomware is a specialised malware created by malicious hackers to take control of systems and encrypt the files within. In most cases, users are unable to decrypt encrypted files and documents until they pay a certain amount as ransom to the creators of ransomware.
The concept originated in 1989 when Dr. Joseph Popp embedded floppy disks with a trojan named PC Cyborg. He sent hundreds of such disks masquerading as questionnaires on AIDS to a number of potential victims who included readers of PC Business World magazine. The trojan inside these floppy discs modified files on hard drives, encrypted their names and ultimately locked computers, asking users to send over money to ‘lease’ their computers.
While PC Cyborg has been followed by many newer and more powerful variants, none have ever managed to significantly impact PCs across the world like the two ransomware attacks that took place recently.
The dreaded WannaCry ransomware impacted hundreds of thousands of computers across 100 countries. The reason why the hackers behind it could pull it off was that all affected systems ran outdated versions of the Windows operating system, notably Windows XP which hadn’t been updated in a decade.
WannaCry ransomware also exploited known SMB vulnerabilities in thousands of computers to infect them. Public facing SMB ports were tracked and several exploits, that were previously stolen from the NSA, were then used to establish persistence and allow for the installation of the WannaCry Ransomware.
Following the WannaCry attacks, its creators warned that they would use a much more lethal malware named EternalRocks to infect and destroy systems across the world. While only a couple of SMB exploits were used during WannaCry infection, the new EnternalRocks worm had been crafted out of as many as seven hacking tools.
While yet to materialise, EternalRocks is expected to affect computers in two stages. First, it will invade a system, download Tor and connect with a command and control server located inside Tor. After about 24 hours, the server will respond, enabling the worm to replicate itself and attack more computers. This delay in connection will make researchers believe that it is no ransomware and is just an ordinary infiltration. The most harrowing part of it is that EternalRocls won’t feature a kill switch.
Yet another lethal ransomware to have impacted systems across the globe is Petya. Earlier this week, it came to light that the ransomware not only encrypted target files but also encrypted NTFS structure before crashing a computer, thus rendering the computer unusable until the $300 ransom is paid.
The Petya ransomware has so far impacted a number of organisations around the globe like the Ukrainian power grid and their central bank, APM Terminals in the Netherlands, Saint-Gobain in France, oil giants Evraz and Rosneft in Russia and shipping company Maersk in Denmark. While a temporary solution has been found, it may take some time and a lot of effort to find a cure and to ward off similar attacks in future.
Why should you be very wary?
A bulk of ransomware attacks, as well as other forms of malware intrusions, are conducted via phishing attacks. These attacks include fraudulent and deceiving e-mails, texts and other forms of messages intended to convince users to click on malicious links or to share personal information.
Organisations are vulnerable to phishing attempts because of a lack of cyber-awareness and lack of cyber-security training among employees. At the same time, many small and medium-sized businesses do not have enough funds to invest on cyber-security and lack of skilled cyber-security talent across industries do not help matters either.
To guard against such attacks, organisations will have to invest more on cyber-security and hire more cyber security talent who can teach employees how to spot phishing e-mails and messages. At the same time, employees should be taught basic cyber-hygiene rules like avoiding social media on work devices, not clicking on unknown website links, set up dual authentication on work devices and not to share their devices with others.
Fraser Kyne, CTO for EMEA at Bromium says that organisations should also discard detection-based approach as a mode for fighting malware intrusions. ““With new strains of malware appearing every second, organisations simply can’t rely on a detection-based approach anymore. Instead, companies should be looking to solutions that allow malware to execute in a completely isolated, secure environment, removing the risk from malicious documents and zero-day exploits,” he said.