Shortly after the WannaCry ransomware cryptoworm finished swindling Microsoft Windows users out of billions in May 2017, the finger-pointing game began. The U.S. blamed North Korea, Twitter exploded with conspiracy theories, and everyone scrambled to secure their precious information using whatever methods seemed feasible.
But then an unfamiliar variant of Petya nailed 80 global companies in a politically motivated attack meant to throttle Ukraine. Analysts speculated this because ransomware normally allows the release of data after payment, yet Petya didn’t offer that option. The attack’s origin clearly implicated Ukrainian cybercriminals, and the damage was isolated to roughly 80% of Ukrainian companies, yet Putin’s press secretary, Dmitry Peskov, vehemently denied that it was ‘serious’.
A false narrative stole billions by exploiting a vulnerability designed by the NSA. Sounds like some poorly scripted action film, but it’s true to form.
It gets scarier.
SamSam, first discovered in 2016, looks for unpatched server-side software as its way in. Once inside, its operators are able to lay waste to every Windows computer connected to the network, collecting sensitive data from companies before dumping another payload of ransom requests. Since 2015, SamSam has plundered major companies and wreaked havoc on cities like Atlanta to the tune of $5.9 million.
Nefarious code writers, armed with nothing more than their laptops and a desire to hold data hostage, are coming for your digital assets. It’s a ubiquitous threat to multibillion-dollar firms and small enterprises alike, and it can’t be ignored.
How ransomware distributes its payload
Low-level hackers use sketchy websites, email blasts and pay-per-install schemes to infect computers with ransomware. These methods aren’t nearly as effective as they once were, since most computer users are better educated now than 10 years ago. But make no mistake – they still work.
Petya shoots straight for the heart of the PC – the master boot record (MBR). Once there, the cryptoworm rewrites Windows’ bootloader and forces a restart. Once DOS has begun loading, the payload is dropped, encrypting the Master File Table of NTFS, the file system most Windows-based operating systems are formatted with.
Throughout the ransom process, the user’s screen looks as though CHKDSK (check disk) is running a series of drive sector repairs. Once the required Bitcoin payment is submitted, the ransomware will self-terminate. However, Posteo suspended the hackers’ email account for terms-of-service violations, meaning those who insisted on paying the ransom couldn’t send payment confirmation.
Petya was powerful enough to knock Chernobyl’s Nuclear Power Plant radiation monitor offline in 2017.
WannaCry was a short-lived yet highly lucrative cryptoworm that affected computers running Microsoft Windows around the globe. Using ‘EternalBlue’, an exploit for older versions of Windows developed by the NSA and released by The Shadow Brokers, the ransomware encrypted data and demanded Bitcoin payment for its release. It worked in tandem with the DoublePulsar backdoor tool, although it was written to install that backdoor itself as a failsafe.
Although Microsoft quickly patched the exploit in their flagship platform and developed a kill switch to avert further tragedy, 200,000 computers spanning 150 countries were affected, forcing countless businesses and consumers to pony up the requested payment.
Indeed, ransomware is one of society’s most widely disseminated forms of cryptovirology, designed specifically to seize our most valued possession: information. No industry is impervious to its destructive capabilities.
Ransomware targets many industries. Yes, even yours.
If you’re looking for reasons why small businesses can’t ignore cybersecurity, look at how the following industries have been victimized by ransomware over the last three years:
Not only did Atlanta endure its own $51,000 nightmare, with SamSam blocking access to court documents, but Baltimore’s 911 dispatch system was infected. Atlanta has since spent $2.6 million to secure its networks and computers and to employ cybersecurity experts to help mitigate future attacks.
Farmington, New Mexico had its records processing and electronic bill payment system upended by ransomware, too. Ransomware also forced City Hall in Springfield, Tennessee, to fork over $1,000.
Utilities and Energy
Major utility providers, like the Lansing Board of Water & Light (BWL) in Michigan, have seen their share of ransomware attacks. The BWL attack was propagated through an email attachment, locking employees out of enterprise-level computers.
In April, the Ukrainian Energy and Coal Ministry website succumbed to a low-level ransomware attack which was quickly mitigated without paying the ransom fee.
Anonymous cyber extortionists bilked a remote Massachusetts school district out of $10,000 in bitcoin in May. The payment was made relatively quickly to avoid excessive damage.
University College London, one of today’s most prestigious universities, was attacked in 2017. It’s unclear what the college paid, if anything, to secure their data.
Industry analysts concur that healthcare takes the brunt of ransomware attacks, since personal data fetches thousands on black-market .onion websites accessible through Tor. For example, Hollywood Presbyterian Medical Center forked over $17,000 back in February 2016.
Victims like the National Health Service hospitals in Scotland and England saw 70,000 connected devices, such as MRI scanners, operating theatre equipment and blood-storage refrigerators, damaged to some degree by SamSam.
COSCO recently admitted ransomware crippled systems in several worldwide locations, including the United States. Free email addresses offered by Yahoo and Gmail were harvested.
NotPetya, an offshoot of the Petya cryptoworm, affected the world’s largest container shipper, Maersk. FedEx sustained damage from WannaCry, too.
In fact, every industry that owns connected devices such as tablets, computers, servers, scanners and highly technical machinery can fall victim to ransomware. If it uses an internet connection at any point, it’s fair game. Companies should explore all options available.
Companies can protect themselves. Immediately.
An ounce of prevention sure beats paying $50,000 in bitcoin. Unless you’re flush with cash and prepared to lose customer credit card information, sales data, an entire website and possibly the company itself, start by doing simple prep work, like:
- Disconnecting all network computers from the internet when a significant speed drop is recognized.
- Shutting down all devices when something seems afoul.
- Creating backups which are offline and offsite.
- Avoiding the use of default passwords (like Admin123).
- Restricting access to port 3389 (RDP).
- Investing in cybersecurity.
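As an added illustration (not from the article, and not any vendor’s tooling), this is what the port-3389 item above and the EternalBlue vector described earlier look like when hardened in PowerShell on a Windows server. It assumes an elevated session and that the management subnet 10.10.0.0/24 (a placeholder) is the only network that should ever reach RDP.

```powershell
# Added hardening script; not part of the article or any vendor's tooling.
# Assumptions: run from an elevated PowerShell session on the Windows server
# being protected, and the ONLY network that should reach RDP is the
# management subnet below (placeholder value, replace with your own).
$MgmtSubnet = '10.10.0.0/24'

# 1. Port 3389 (RDP): make every profile default to "block inbound", then scope
#    the built-in Remote Desktop rules to the management subnet only. A separate
#    "block all 3389" rule would also block the allowed subnet, because Windows
#    evaluates block rules before allow rules, so the default action does that job.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True -DefaultInboundAction Block
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Set-NetFirewallRule -Enabled True -RemoteAddress $MgmtSubnet

# 2. Require Network Level Authentication so a client must authenticate before
#    a session (and its logon screen) is created for it.
$RdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
Set-ItemProperty -Path $RdpTcp -Name 'UserAuthentication' -Value 1 -Type DWord

# 3. Turn off SMBv1, the protocol version that EternalBlue (used by WannaCry) abused.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# 4. Print the resulting state so the change can be verified and recorded.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Get-NetFirewallAddressFilter |
    Select-Object -Property RemoteAddress
Get-ItemProperty -Path $RdpTcp -Name 'UserAuthentication' |
    Select-Object -Property UserAuthentication
Get-SmbServerConfiguration | Select-Object -Property EnableSMB1Protocol
```

Disabling SMBv1 can break very old clients and printers, so check what still speaks it before running step 3 in production.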
The latter item is imperative. Sit back and ponder the time, money and effort expended in building your company. If you’re not treating your business’s data safety needs with respect, don’t be shocked when others refuse to, either.
The end game? It’s about keeping the connected networks and computers vital to your company’s data warehousing secure. Locked down. Surviving ransomware means keeping it from penetrating your defenses in the first place.
Cybercriminals are cunning. They’re now concentrating their efforts on bitcoin, having created several variations of Petya capable of bilking millions in cryptocurrency in one swipe. Have they shied away from their thieving roots? No. In fact, attacks on corporate servers are happening as we speak.
Ransomware isn’t dying anytime soon, because as long as something of value is attainable, there will always be several rogue organizations gutsy enough to hold it hostage.
The threat of ransomware is real. What does your company stand to lose if ransomware takes over your network?