A major ransomware attack spread across the world this past June and struck large pharmaceutical companies, the Kiev metro, an airport, banks, Chernobyl radiation detection systems, hospitals and government agencies. The ransomware behind the cyber attack was known as WannaCryptor, also called WannaCrypt or WannaCry. It is fair to say that these advanced attackers can be expected to attack with new kinds of ransomware tactics, whose implications for organizations will be remarkable if practical and innovative measures are not put in place.
Below are some of the things to know about ransomware:
- What is ransomware? Ransomware is a type of malicious software that blocks access to files and data on devices such as computers, tablets or smartphones and demands a ransom to unlock them. In the case of the Petya ransomware, the malicious software spreads rapidly across the organization once a computer is infected, using the EternalBlue vulnerability in Microsoft Windows. This ransomware uses an asymmetric encryption algorithm, which relies on a public and private pair of keys. When data is encrypted with the public key, it can only be unlocked with the matching private key, and vice versa.
- Should victims pay cyber ransoms? Victims are always advised never to pay the ransom, as it encourages the attackers and there is no guarantee that the encrypted files or data will be returned after payment. Instead, restore all files from a backup.
- How much do hackers typically take as ransom? Payments are demanded and made via Bitcoin, a digital currency that is popular among cybercriminals because it is decentralized, unregulated and practically impossible to trace. The ransom for such attacks usually ranges between 0.3 and 1 Bitcoin, which is between $300 and $600, to unlock the files. It may seem like a small amount, but these attacks are often distributed widely and the ransom payments add up.
- How to mitigate ransomware attacks. The best way to mitigate ransomware attacks is to ensure that all files are backed up on a completely separate system. This means that if an organization suffers an attack, valuable information will not be lost to hackers. According to the U.K. National Cyber Security Center, all computer emergency response teams and security experts, businesses and organizations worldwide need to ensure that the following five mitigation strategies are in place:
- Install MS17-010: Install the MS17-010 fix and all available OS updates issued by Microsoft in March 2017 to prevent exploitation of the MS17-010 vulnerability. Any system running a Windows version that did not receive a patch should be removed from all networks.
- Install emergency Windows patch: Microsoft has issued one-off security fixes for three operating systems that it no longer supports: Windows XP, Windows Server 2003 and Windows 8.
- Disable SMBv1: If it is not possible to apply either patch, disable SMBv1. Refer to guidance from Microsoft for doing so.
- Block SMBv1: Block SMBv1 ports on network devices – UDP 137, 138 and TCP 139, 445.
- Shut down: If none of the above options are available, shut down your computer. Infection can be prevented by shutting down vulnerable systems.
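
The "Disable SMBv1" and "Block SMBv1" steps can be checked, and optionally applied, on a single Windows host with the script below. This is an added example, not part of the original article or of the Microsoft guidance it mentions. It assumes Windows 8 / Server 2012 or later, it uses the Windows host firewall where the list above targets network devices, and the `-Remediate` switch and firewall rule names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and optionally apply the "Disable SMBv1" and
# "Block SMBv1" steps on one Windows host. Not from the original article.
[CmdletBinding()]
param([switch]$Remediate)   # hypothetical switch: report only unless set

# Ports taken from the "Block SMBv1" item in the list above.
$blocked = @(
    @{ Protocol = 'UDP'; Ports = @('137', '138') },
    @{ Protocol = 'TCP'; Ports = @('139', '445') }
)

# 1. SMBv1 on the SMB server service.
$server = Get-SmbServerConfiguration
"SMBv1 server enabled : $($server.EnableSMB1Protocol)"

# 2. SMBv1 optional Windows feature (may be absent on some editions).
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
"SMBv1 feature state  : $(if ($feature) { $feature.State } else { 'not present' })"

# 3. Inbound block rules on the host firewall for the listed ports.
#    Blocking TCP 445 inbound stops all SMB file sharing to this host,
#    not only SMBv1, so apply it only where the host serves no shares.
foreach ($b in $blocked) {
    $name = "Block-SMBv1-$($b.Protocol)"   # hypothetical rule name
    $rule = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
    "Rule $name present : $([bool]$rule)"
    if ($Remediate -and -not $rule) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Block `
            -Protocol $b.Protocol -LocalPort $b.Ports | Out-Null
    }
}

if ($Remediate) {
    if ($server.EnableSMB1Protocol) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if ($feature -and $feature.State -eq 'Enabled') {
        # Removal completes after the next restart.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}
```

Run it without `-Remediate` first to see the current state; disabling SMBv1 does not replace installing the MS17-010 fix.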