For the last several months, the entire world has been under attack by hackers. This statement isn’t new because the same statement was true a month ago… a year ago… a decade ago. The Internet went from a government controlled entity to public access status in the early 1990’s. It didn’t take the bad guys long to figure out how to exploit the Internet after that. Today, the Internet is far more sophisticated than it used to be… and so are the hackers. What makes the attacks of the last several months unique is the way they went about it. Let me rephrase that… The process wasn’t even new because Phishing has been around for a long time too. It’s the tools that the hackers used along with the Phishing emails that makes this attack unique and in the immortal words of Yogi Berra, “It ain’t over ‘til it’s over.”
One of the things that I found most interesting about the WannaCry attack was that it was almost exclusively focused on older versions of Windows. Kaspersky Labs, one of the world leaders in malware analysis, has come up with some interesting statistics. According to Kapersky, the vast majority of systems affected by WannaCry were Windows 7 with Windows XP as a distant second place. Windows Server 2003 and Windows Server 2008 systems were also impacted. Specifically speaking, over 98% of the affected computers were from the Windows 7 family. Less than 1% of the affected systems were Windows servers.
Windows 10 users were for the most part unaffected. This fact is important to note.
Something else that piqued my interest in this latest attack was the amount of money the ransomers were requiring. In the grand scheme of things, 300 bucks seems like a drop in the bucket. Some might speculate that they bad guys were just running the numbers and counting on a high volume of small ransom payments. Others tend to look a little deeper at the attack and see it as a trial run for something bigger. I fall into the latter category and here’s why…
New information that has come out as recently as last week regarding the next potential attack. The hacking tools that were used to make WannaCry work so effectively were leaked NSA hacking tools. Essentially, the bad guys got ahold of the hack tools and weaponized them in the form of a self-replicating worm that jumped from host to host. The next anticipated attack works in essentially the same way however, it’s using seven (yes, seven) leaked NSA hack tools. The worm “EternalRocks” has been discovered and analyzed and it doesn’t appear to have a payload. In other words, there’s no ransomeware included in this surprise. That said, the report from The Latest Hacking News website states that this worm is much sneakier than WannaCry and uses the exact same file names as WannaCry which will cause security professionals to misidentify the threat. The report goes on to say that EternalRocks could be weaponized with a payload in a matter of minutes.
So how does one protect themselves from attacks of this nature? The steps are fairly simple. Upgrade, Update, Protect and Stay Patched. Many people dislike change. Giving up on Windows 7 might be troubling form some, but it needs to happen and soon. Upgrade your operating system to Windows 10 is your best first step to protecting yourself. Update is the next step is making sure your computer is updated with the latest updates (patches) from Microsoft as well as other application vendors like Adobe. Protect your system with a robust antimalware application like MalwareBytes, even if you have an antivirus application already installed. The last step is something
akin to Preventative Medicine… Stay Patched… Make sure your system is current on new security patches.
What is Ransomware?
Ransomware is a form of malicious software (or malware). Once it has taken over your computer, it denies you access to your data. The attacker demands a ransom from the victim, promising to restore access to the data upon payment. This promise is not necessarily made in honesty. Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin.
How Ransomware Works
There are a number of vectors ransomware can take to access a computer. One of the most common delivery systems is phishing spam. This can come in the form of a cleverly counterfeited email with a request for their login credentials or personal information. All they have to do is “click here” on the included link. In other cases, the phishing spam comes as attachments in an email masquerading as a file they should trust. Once they’re downloaded and opened, they can take over the victim’s computer, especially if they have built-in social engineering tools that trick users into allowing administrative access. Some other, more aggressive forms of ransomware, like NotPetya, exploit security holes to infect computers without needing to trick users.
There are several things the malware might do once it’s taken over the victim’s computer, but by far the most common action is to encrypt some or all of the user’s files. This even includes the contents of any connected network drives. The most important thing to know is that at the end of the process, the files cannot be decrypted without a mathematical key known only by the attacker. The user is presented with a message explaining that their files are now are now inaccessible and will only be decrypted if the victim sends an untraceable Bitcoin payment to the attacker.