The New Specter of Ransomware

Well, the concept of ransomware isn't exactly new. But the recent attacks involving WannaCry and Petya have certainly brought the fear of it back to the fore, especially in the minds of IT administrators around the globe. This fear is perhaps justified, as it's a pretty grim proposition if your computer becomes infected - the worm locks up your precious files, and won't let you have them back unless you pay some faceless hacker several hundred dollars' worth of a particular cryptocurrency you probably don't know how to use and may not have even heard of. If you do decide to pay up, you're unlikely to receive a money-back guarantee in case your files are for some reason unrecoverable - although some service-minded extortionists are actually offering customer support to their hapless victims, and even going so far as to offer live chat for those who need rescuing in real time. It's almost like a legitimate business, except not.

A few years back, Symantec classified ransomware as the single most dangerous cyber threat. They may not have been too far off the mark. Incidents of this type of attack are increasing, to the point where enterprising facilitators have created "Ransomware as a Service" (RaaS) to cater to the growing market of aspiring bitnappers. For a modest up-front fee - and a percentage of the total ransom - RaaS provides you with all the tools needed to get the job done: the trojan, instructions for use, the payment infrastructure, even a developer news-feed. Safe to say that ransomware attacks probably aren't going away any time soon. So what can be done?

Administrators and end users alike should be approaching disaster recovery from a total loss perspective, even in the absence of the new specter of ransomware. To illustrate the point, here's a fun little exercise everyone can try at home - take your daily driver (be it desktop or laptop), immediately unplug it, carry it outside, douse it liberally in paint-thinner, and set it alight. Once the flames have died down and the noxious fumes dissipated, find a pen and paper and start taking daily notes of the specific problems you encounter due to no longer having access to whatever data was contained on the thing you just destroyed. Lost all your customer contact details? Financial data gone? Your meticulously curated spreadsheet full of passwords no longer accessible? Every point you note down here is another arrow in any potential hacker's quiver; another convincing reason for you to risk coughing up the bitcoins in the hope of getting your data back. The day you go through this exercise and have an empty notebook at the end of it is the day you have effectively disarmed the hacker. This is the proper way to deal with data loss - not to try and prevent it happening, but to reduce the damage incurred when it does.

Anyway - now that your computer is a pile of melted plastic, you'll be wondering what to replace it with. Cloud-based solutions offer an effective way to help separate desktop and data, which is what you want to do if you're at all interested in protecting yourself against data loss. You can't magically clone a destroyed desktop PC, but you can easily create an identical virtual one.

You could also consider migrating away from Windows if possible, since Windows is - and will continue to be - the most heavily targeted platform for these types of attack. Although it isn't always possible (or desirable) to move away from Windows completely, at least accessing it through ThinLinc means that you won't have to expose vulnerable Windows services to the Internet at large. Something to think about. Be safe out there.

About the author

Aaron Sowry

