I wasn’t planning to do another piece on malware so soon, but the events of the last five days or so have changed all that. The recent ransomware attack has affected over 200,000 computers in 150 countries, closed hospitals, factories, schools and businesses across the world and completely changed the internet security landscape.
The malware attack should have brought home to everyone that nobody is safe, whether you’re a mom and pop business or a national healthcare organization.
I have always been a little evangelical about IT security. That is mainly because I and the team here at Dave’s Computers have spent many years cleaning up the mess left behind: rebuilding computers, trying to recover lost data and reloading system images. I am hoping that if any good comes of this attack, it is that more people than ever before are aware of the risks of ransomware.
What is ransomware?
Ransomware is exactly what its name suggests. It is malware that is designed to secretly infect a computer, encrypt all files within it and essentially hold those files to ransom until you pay a fixed amount in Bitcoin. If you pay, your files are unlocked. If you don’t, they are wiped and you lose all your data.
In this recent attack, researchers think a malicious program called WannaCry was used alongside code stolen from the NSA that could break into older computer systems. This opened the door for the ransomware to be injected into older or out-of-date computers to do its work.
How does ransomware work?
Initially, ransomware has to be delivered onto a computer as a payload carried by another piece of software. In this case, that was a virus allegedly created by the NSA and stolen from them a while ago. It can also be delivered via infected emails or email attachments or hidden in websites.
The main weakness of ransomware is that it needs some kind of interaction to work. By itself it is not self-replicating code like a virus or ‘thinking’ code like a worm. It needs an interaction to be activated and do its work.
How did this attack spread so far so fast?
The ransomware used in this attack targeted vulnerabilities in older copies of Windows, namely Windows XP. Windows XP was not secure when it was supported; now, many years later, it is a serious weakness in any company IT network. With many hundreds of thousands of Windows XP machines still being used, there was fertile ground for this attack to spread.
While it is easy to blame organizations for not updating their computers, it isn’t as straightforward as that. Some computers are needed to run legacy programs that are incompatible with newer operating systems. For example, some manufacturing software will only run on Windows XP, and it is prohibitively expensive to have it rewritten for Windows 10.
Some healthcare organizations also have software that cannot be updated without significant expense. What is a hospital to do? Target their resources to providing front line services or buy a suite of new computers for staff to use? In an ideal world, they should be able to do both but we all know this is far from an ideal world.
How to protect yourself from ransomware
There are several things you can do to protect your computers from ransomware. Whether it is your home computer or within your business, the principle is exactly the same.
- Keep your operating systems current and up to date
- Use robust barrier security
- Use good quality antivirus and malware scanners
- Use a robust backup system
- Educate all users to the risks of malware
Keep your operating systems current and up to date
One serious security weakness is out-of-date operating systems. All operating systems have a finite life and are supported for a finite time. After this time, the company behind them has to put all its resources into building the next operating system, which earns the money to develop the one after that, and so on.
To provide real protection from ransomware, you need to use the most up to date operating system you can. You need to keep it updated and to enable all security patches and updates as quickly as possible. That way, any exploits or vulnerabilities that are found can be secured in the shortest possible time.
Until Linux becomes truly usable by everyone, keep your Mac or Windows PC up to date.
Use robust barrier security
Barrier security is the point at which your home or business meets the internet. That is usually your router. For businesses, it is worthwhile investing in a good quality enterprise router that has its own packet inspection firewall. For sole traders or home users, smaller, more affordable routers offer similar protection on a smaller scale. Add a software firewall to each computer as an extra layer of defense.
Use good quality antivirus and malware scanners
Antivirus and malware scanning can be performed on each individual computer or in the cloud with a software agent on each device. Both methods work as well as each other, so there is not yet a clear advantage here. Installed antivirus uses system resources to scan and purge malware. Cloud-based scanners use cloud servers to do the work.
Every user of every kind that has a computer that connects to the internet MUST have both antivirus and a malware scanner on their system. It should be configured to scan and update itself automatically and run scheduled scans.
Use a robust backup system
A robust backup system will make or break many organizations affected by this ransomware outbreak. When your systems are locked down, you have two options: pay the ransom, or wipe the system and replace it with a backup. As paying the ransom should never be an option, your only real recourse is to format the affected hard drives and rebuild them from a backup.
Educate all users to the risks of malware
Educating your family or staff about the risks of malware, viruses, ransomware and all those threats out there is an essential part of IT security. If you can prevent one employee clicking on one link that leads to malware, you could save your business thousands of dollars.
Teach everyone to never click email links, never open email attachments they were not expecting, and never open any attachment until they have scanned it with your antivirus solution first. Have a fair and transparent internet usage policy in place and make sure everyone abides by it. It protects everyone and is a vital tool in the fight against malware.
If you find yourself infected with a virus, malware or ransomware, don’t panic. Bring your device to Dave’s Computers in Hillsborough and we can help.