The world bore witness to a massive ransomware attack on May 12th, 2017. It took the relatively unknown threat of malware and made it a massive security concern that everyone from the average Joe to world leaders was talking about. The WannaCry ransomware – which was weaponised thanks to an exploit from the National Security Agency – tore through 99 countries, bringing British hospitals and Spanish telecoms to their knees.
This was followed up roughly a month later with the “Petya” ransomware that affected around 2,000 individuals and organisations around the world. What was curious about Petya was that it seemed to have been created to damage IT systems and had little to do with extorting money. Petya was different from WannaCry in that it spread internally through a network rather than trying to spread to external networks. This likely limited how much it spread, meaning that the rate of infection dropped overnight.
If you weren’t already aware of the ransomware threat, then you likely are now. If you want to find a way to protect yourself from these problems, most of the major antivirus companies claim to have updated their software, enabling it to detect and remove ransomware before it can become a threat. Norton products running 20170627.009 definitions should be able to do so, while Acronis and Kaspersky have also claimed their software systems are able to detect malware including WannaCry and Petya.
How Does Ransomware Work?
Ransomware is a form of computer virus that infects PCs, mobile devices, or servers. It primarily enters your computer when you click on a link or open an attachment in a spam email. The malware then encrypts the files on the device and displays a ransom note, demanding that you pay an amount of money (typically hundreds, but potentially thousands) in bitcoin to a specified address to receive the key to decrypt your files and recover your device. If you don’t pay the money, the ransomware threatens to either keep the files locked forever or delete them. More sophisticated forms of ransomware are able to worm their way into other PCs and servers, spreading the infection geometrically as every newly infected device continues to spread the virus itself.
WannaCry Targets Microsoft Networking Protocols
WannaCry, which was also known as WannaCrypt, Wanna Decryptor, and WannaCrypt0r 2.0, worked by exploiting a vulnerability in Server Message Block, Microsoft’s file-sharing protocol. The exploit was only discovered recently, meaning that many businesses had yet to patch it. This vulnerability – combined with a weapons-grade digital worm developed by the NSA and exposed through the ShadowBrokers leak – allowed WannaCry to spread at unprecedented speeds, crippling electronic systems around the world in just 24 hours.
Petya Targets The Software Update Mechanism Built Into a Ukraine Accounting Program
Petya was apparently seeded through a software update mechanism in the Medoc accounting program used by the Ukrainian government. This would explain why there were many Ukrainian targets, including government, state power utilities, banks, and the airport and metro system of Kiev. The radiation monitoring system of Chernobyl was also disabled, meaning employees were left with no choice but to measure radiation levels at the exclusion zone with hand-held devices. The malware came back in a second wave thanks to a phishing campaign powered by attachments ridden with malware.
How to Protect Yourself From Ransomware Such as WannaCry, Petya, and Others
Acronis and Norton advocate using data protection to keep your files safe from ransomware attacks. By backing up your data to a range of different locations and storage media, you’ll be able to take your ransomware-encrypted computer and return it to normal. You could lose some of your work, but it’s better than paying the ransom or wiping the entire hard drive. Acronis took things to the next level recently by launching their own Active Protection data protection solution.
This patented proprietary technology uses heuristic analysis and machine learning to detect ransomware attacks and block them, instantly restoring encrypted data back to normal. To put it simply, it scans for suspicious file activity – such as the kind caused by ransomware attacks – and then eliminates the offending process before it can complete. It restores the encrypted files through local caching. What makes Active Protection so great is that it can protect you from zero-day exploits (vulnerabilities that are largely unknown) that can be overlooked by signature-based defenses such as anti-virus programs.
Norton uses a combination of different technologies to automatically protect their customers from ransomware. This proactive protection is provided by:
- IPS network-based protection
- Advanced Machine Learning
- SONAR behavior detection technology
- Intelligent Threat Cloud
Kaspersky Internet Security has their own offering known as “real time backup when you need it”. The idea is simple enough: Kaspersky will automatically create a fresh copy of a file it detects has been modified suspiciously to prevent it from being “stolen”. It then examines the software attempting to modify files, and blocks it if it is suspicious.
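The behaviour described above for Active Protection (watch for suspicious file activity, stop the process, restore from a local cache) and for Kaspersky's copy-on-suspicious-modification can be modelled in a few lines. This is an added illustration, not either vendor's code: the entropy heuristic, the thresholds and the names `WriteMonitor` and `demo` are assumptions, and a dict stands in for the file system.

```python
import math
import os
from collections import Counter, defaultdict

ENTROPY_FLOOR = 7.0   # assumed: bits/byte above which content looks encrypted
ENTROPY_JUMP = 2.0    # assumed: rise over the previous content that is suspicious
MAX_SUSPICIOUS = 3    # assumed: suspicious writes allowed before blocking

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for ciphertext, much lower for plain text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

class WriteMonitor:
    """Toy write filter; write() returns False once a process is blocked."""
    def __init__(self, files):
        self.files = files                   # path -> bytes
        self.cache = {}                      # (pid, path) -> content before pid's first write
        self.suspicious = defaultdict(int)   # pid -> count of suspicious writes
        self.blocked = set()

    def write(self, pid, path, new):
        if pid in self.blocked:
            return False
        old = self.files.get(path, b"")
        self.cache.setdefault((pid, path), old)
        self.files[path] = new
        h_new = shannon_entropy(new)
        if h_new >= ENTROPY_FLOOR and h_new - shannon_entropy(old) >= ENTROPY_JUMP:
            self.suspicious[pid] += 1
        if self.suspicious[pid] >= MAX_SUSPICIOUS:
            self.blocked.add(pid)
            for (p, cached_path), original in self.cache.items():
                if p == pid:                 # roll back everything this process touched
                    self.files[cached_path] = original
            return False
        return True

def demo():
    """Constructed scenario: pid 100 is an editor, pid 200 bulk-overwrites files."""
    files = {f"doc{i}.txt": (b"Quarterly report line %d\n" % i) * 200 for i in range(5)}
    originals = dict(files)
    mon = WriteMonitor(files)
    mon.write(100, "doc0.txt", files["doc0.txt"] + b"edited\n")
    for path in list(files):
        mon.write(200, path, os.urandom(4096))   # random bytes stand in for ciphertext
    return mon, originals
```

Comparing against the previous content's entropy keeps already-compressed files (archives, images) from triggering the rule on an ordinary save, which is one reason behavioural products combine several signals rather than relying on entropy alone.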
Ransomware thieves made off with over a billion dollars from their victims last year; almost half of all businesses fell victim to one or more ransomware attacks. While you might be tempted to simply pay off the ransom, this is a bad move to make: one in five people who pay the ransom never get the remedy they were promised, and paying the ransom also does nothing to prevent additional attacks. Giving up your money only encourages criminals and funds the development of bigger and “better” ransomware. You have two options: allow yourself to become a victim, or better defend yourself.
The New Threats Following WannaCry and Petya
WannaCry and Petya have proven that ransomware gangsters are constantly stepping up their game. The idea that this threat is growing and becoming more sophisticated is proven thanks to the advent of ransomware-as-a-service. This is when malware coders are enlisted by criminals to infect specific targets – essentially the illegal version of the software-as-a-service industry, which offers legal products to clients.
The recent malware cataclysm is going to force businesses that were unaware or indifferent to malware to finally take it seriously. IT security professionals are going to recommend taking a deep, multilayered approach to defense. Patch any vulnerability in your operating system and applications; continuously back up your data; use endpoint security measures such as anti-virus programs and keep them updated; segment your networks with VLANs and firewalls to prevent worms from spreading; and educate your users to recognize and respond to infiltration methods such as dubious links and attachments on emails, websites loaded with viruses, infected USB drives, and malicious online ads.
We highly recommend following every one of these steps. If you want to be sure that your business data is kept safe and secure from ransomware – even ransomware as refined and powerful as Petya or WannaCry – then there is only one truly foolproof answer. That is to keep a system of active and passive data protection that prevents ransomware (even ransomware running zero-day exploits), automatically repairs files damaged by ransomware, and keeps your backups protected from destruction. Whether you use Acronis True Image 2017, Kaspersky Internet Security, or Norton Security is up to you.