Black-hat hackers have officially taken to mafia tactics.
Their heist of choice? The hard drives of individuals and corporations.
Their objective? Payment via credit cards, bitcoins, or whatever means the internet makes available to them. Welcome to Ransomware.
The WannaCry ransomware attack that swept the world last month is suspected by both the FBI and DHS to have originated in North Korea.
The hacker group The Shadow Brokers leaked EternalBlue, an exploit stolen from the NSA, which gave WannaCry's creators a way into unpatched machines so they could hold the data hostage.
EternalBlue targets a flaw in Microsoft's SMBv1 file-sharing implementation (fixed by the MS17-010 update in March 2017), so it lets an attacker reach a machine over the network with no user interaction; WannaCry used it to spread from host to host and encrypt the files it found on each infected system and any connected storage. The decryption key stayed with the attackers. The only way offered to users to get it? Pay $300 in Bitcoin to the Bitcoin address displayed on their screens when the attack hit.
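A check a practitioner would want here, since WannaCry needed two conditions on a host: EternalBlue exploited Microsoft's SMBv1 file-sharing protocol, and Microsoft had already fixed that flaw in March 2017 as MS17-010, so a machine was exposed only if SMBv1 was still enabled and that update (or one superseding it) was missing. The PowerShell script below is an added example, not code from the article or from Tech 80; the KB numbers are the MS17-010 packages as Microsoft published them and should be verified against the current advisory, and `Test-Smb1Exposure` is a name chosen for this example.

```powershell
# Added example (not from the original article): report whether a Windows host
# still has the two conditions WannaCry/EternalBlue relied on:
#   1. the SMBv1 server protocol enabled, and
#   2. no MS17-010 security update installed.
# Run from an elevated PowerShell prompt. Get-SmbServerConfiguration needs
# Windows 8 / Server 2012 or later; a registry fallback covers Windows 7.

# MS17-010 packages per platform (assumption: verify against Microsoft's advisory).
$ms17010Kbs = @(
    'KB4012212', 'KB4012215',               # Windows 7 / Server 2008 R2 (security-only / monthly rollup)
    'KB4012213', 'KB4012216',               # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217',               # Server 2012
    'KB4012606', 'KB4013198', 'KB4013429',  # Windows 10 1507 / 1511 / 1607
    'KB4012598'                             # Windows XP / Server 2003 / Windows 8 (out-of-band, May 2017)
)

function Test-Smb1Exposure {
    $result = [ordered]@{}

    # Which OS is this? Windows XP (5.1) and Server 2003 (5.2) had no supported patch path.
    $os = Get-CimInstance Win32_OperatingSystem
    $result.OperatingSystem = "$($os.Caption) ($($os.Version))"

    # SMBv1 server state. Prefer the SMB cmdlet; fall back to the LanmanServer registry
    # value on Windows 7, where an absent 'SMB1' value means enabled (the default).
    $smbCfg = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    if ($smbCfg) {
        $result.Smb1ServerEnabled = [bool]$smbCfg.EnableSMB1Protocol
    } else {
        $reg = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
                                -Name SMB1 -ErrorAction SilentlyContinue
        $result.Smb1ServerEnabled = if ($null -eq $reg) { $true } else { $reg.SMB1 -ne 0 }
    }

    # Is the SMB1 optional component present at all? (Windows 8.1 / Server 2012 R2 and later)
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $result.Smb1FeatureState = if ($feature) { [string]$feature.State } else { 'unknown' }

    # Is any MS17-010 package installed?
    $installed = Get-HotFix |
        Where-Object { $ms17010Kbs -contains $_.HotFixID } |
        Select-Object -ExpandProperty HotFixID
    $result.Ms17010Updates = if ($installed) { $installed -join ', ' } else { 'none found' }

    # Port 445 listening is how the exploit arrives without any e-mail or click.
    $result.Port445Listening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)

    # Overall verdict: exposed if SMBv1 is on and no MS17-010 package is present.
    $result.Exposed = ($result.Smb1ServerEnabled -eq $true) -and ($result.Ms17010Updates -eq 'none found')

    [pscustomobject]$result
}

Test-Smb1Exposure | Format-List

# Remediation if SMBv1 is still on (the commands Microsoft documents for this):
#   Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
#   Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
```

Two caveats when reading the output. On Windows 10 the listed KBs have long since been superseded by cumulative updates, so "none found" on a currently patched Windows 10 host does not by itself mean it is unpatched; the decisive control is `Smb1ServerEnabled` being false. And the script cannot run on Windows XP itself (no `Get-CimInstance`), which is rather the point the interview makes about XP below: the only fix for such machines is to retire them or keep them off networks where port 445 is reachable.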
Prominent organizations across the globe, including the United Kingdom's National Health Service (NHS), banks and other major economic actors, were hit by the attack. Focusing on the household names, though, leaves out the small businesses that were affected all the same.
Aaron Timmerman, owner of Tech 80, a Minnesota tech firm specializing in network security and backup, shared his experiences restoring his clients' systems and offered advice to users hoping to avoid attacks of a similar nature in the future.
Q: Compared to your other projects, how extensive are the clean-up efforts to address the WannaCry attacks?
A: Any of my clients who get viruses like WannaCry are the ones that do not have my anti-virus and backup package. Because of this they instantly have an emergency project on their hands. It is frustrating for all parties involved and very costly for the client.
It sometimes takes a full week to decrypt if they choose to pay the ransom. Imagine the hours and money wasted when they could have been protected to begin with. They could have a whole new server or the latest computers for the price they pay.
Q: What are the main costs of the attack to clients? The UK's NHS had to turn away patients. Have any of your clients been similarly impeded from conducting business?
A: The primary costs to clients in these forms of attacks are reputation among their employees and clients. Sure, there can be an amazing monetary cost to the client, but the worst has to be the reputation and the business lost, in addition to having to admit they were not properly protected and did not have the proper systems in place.
I had one Twin Cities based client who could not conduct business for 3 days, lost several clients, and the cost was significant. I am surprised they are still in business. They lost all of their data because they chose to use freeware anti-virus and did not want to have a backup system in place because they felt it was too expensive. A local drive recovery company that has never failed me in the past could not even get the data back.
A little-known fact, and this is important, is that many companies are still running Windows XP, which has been outdated for years. That is what happened to the NHS and it is simply unforgivable. My tip for the common person is to make sure any hospital, law firm, or other business that has their sensitive data proves they do not use Windows XP and have a corporate-wide managed anti-virus system in place.
Q: Have the attacks made your clients more invested in their digital security?
A: There are two types of companies: those who have not suffered an attack, and those who will. I serve small businesses in the Twin Cities, and those who were attacked with the proper measures in place didn't even know they were attacked. Those who did not were down for days and then chose to invest in their digital security. It's like living in a very high crime area and installing a security system after you have been robbed and victimized.
Q: Could you explain how WannaCry came to impact businesses differently than individuals? Down the road, could the exploit that made it possible be adapted?
A: In a business, if you lose the financials and other files and do not have the proper recovery systems in place, the files are gone. The business may close, putting families on the street, and the money for raises or new equipment may be spent on recovery. An individual may be sad they lost pictures, but they will not go broke or spend thousands to tens of thousands on recovery. Individuals have a lot less data and typically back up, or copy, their important files to an external hard drive or cloud application. Business files must be constantly backed up, with the ability to roll back files, since they are updated almost by the minute and by several individuals.
Q: Do you have any recommendations to individuals or businesses to protect themselves from attacks of this nature?
A: Never use freeware solutions; they simply do not work very well. Always have a cloud-based backup that will keep multiple versions of your files. Keep your computer updated through Windows Update. I counsel small businesses and individuals, and it is paramount to have a good anti-virus in place, preferably one that also eliminates malware at the same time.
Should a business or individual's counsel advise a freeware anti-virus, they should simply thank the person for their time and move on to counsel that will think long term and set them up with a proper solution. Businesses should have a backup solution that has both local and cloud backup, preferably with an 'easy button' to switch to the backup computer so they can conduct business while the server is being restored.
Get a bitcoin wallet and a couple of hundredths of a bitcoin just in case all else fails and the ransom needs to be paid. I have seen many iterations of the WannaCry virus while supporting small businesses, and I have yet to see one that does not send the decryption program if the ransom is paid.
Q: Compared to past attacks, why was WannaCry so severe?
A: WannaCry did not require the opening of an e-mail, and took advantage of those businesses unwilling to update and of careless IT departments. The virus spread like wildfire through a vulnerability the NSA had known about for some time before the NSA itself got hacked. The virus author took out the kill switch and then sent it into the wild.