Tag Archives: WannaCry

Taking Over…


Last year, I visited Atlanta Airport seeking an incident report. The airport is a massive place and, after I found a very helpful airport employee, I wound up outside the emergency services offices. Fortunately, the staff was both friendly and helpful and, within minutes, the gentleman I was speaking with was asking his colleague to look up the incident in question in order to provide me with the information I needed for the next steps forward. It all seemed very easy until it wasn’t. His colleague looked at his screen and then stated that something seemed to be going on and his computer was not responding. After trying a few things without success, I was given a phone number to call and follow up. I was to get what I was looking for within the next couple of days.

I left and heard nothing for almost a month, which actually worked out for me because I was traveling a lot and would not have been able to do much with the information. When my call was finally returned, I learned that the reason it had taken so long was that the city of Atlanta had been taken down by a ransomware attack. The day I was at the airport was when the attack was happening! Imagine that, I was in the midst of a lot of drama and excitement and had no idea. The only story I have to tell is that I saw a blue screen of death and then it took three weeks for my call to be returned.

I will say this: if anyone is affected by a ransomware attack, my story is probably the best outcome to have. A couple of years ago I shared a story about my friend whose clients were victims of ransomware attacks where $300 to $600 was demanded of them. In that time, ransomware attacks have become more sophisticated and a lot more frequent. Cryptocurrencies have also contributed to the boom because they make the attackers more difficult to track down. As I wrote in a piece on ransomware, the first known ransomware attack happened in 1989, where the attacker sent floppy disks to attendees at a conference. A program on that disk locked the computer on its 90th restart, demanding $189 of the user for a resolution. The Atlanta ransomware attackers demanded $52,000 (and it took over $2.5 million for the city to recover from the attack). The attackers may ask for what may seem like relatively small amounts when they attack, but it adds up. In 2016, ransomware attackers made over $1 billion and that amount climbs every year. In addition to the upfront cost of the ransomware demand, a victim often has to spend a lot of time and money recovering from the attack. I mentioned before that Atlanta spent over $2.5 million and they are not alone. Ransomware damages are predicted to reach $11.5 billion this year.

As you can see from my friend’s experience and that of Atlanta, there is no victim too large or too small for an attack and so it is imperative for all of us to take steps to protect ourselves and do what we can to mitigate any damages should we be attacked.

  • The first easy step is backup, backup and then backup offline. Because I have had backups fail on me, I try to have two backups of information, and it is important to make sure that your backup is separate from your computer. In this way, should your computer be attacked, your backup will be someplace else.
  • Then try to use two-factor authentication for your logins. Many applications and websites already insist on this but try to make it a habit for yourself, whether or not someone else is doing it.
  • Update your passwords regularly – yes, it’s a schlep but especially with very regular news about companies being hacked, companies that house your sensitive information and logins, it makes sense to keep changing these.
  • Be careful about opening up emails and clicking on attachments or links in those emails. I know we live in a world with way too many emails and way too little time, but think before you click. If you receive an email you are not expecting, check to make sure that it is a valid email. Just last week, I received an email from a fellow CPA and when I checked with her, it turned out that her email was hacked and was sending out malicious links. If the tone and language of the email are vague or don’t sound like the voice of the person you have dealt with in the past, double-check with the person. It doesn’t take long and can save a lot of pain.
  • Update your software. A lot of ransomware takes advantage of vulnerabilities in software and of the fact that many people do not regularly update their software. Set your machine to update automatically, then you don’t even have to think about it.
  • If, unfortunately, you are a victim of a ransomware attack, think on it before you pay. You are dealing with criminals. Although it seems that more often ransomware attackers do restore machines after attacks (it’s better for business, apparently) it is not assured. Often people find that they have no option because they do not have a recovery plan. If you have the option of recovery, it is easier to make the decision on whether or not to take the chance of paying.

Ransomware is on the rise and so it seems that more of us are at risk than before. It is smart to take a few protective steps if only to keep you from taking weeks to return a call.

 


Makes You WannaCry


A couple of years ago a lawyer friend told me about clients who were coming to her office, panicked because their computers had been locked by parties claiming to be the FBI. In order to get their machines unlocked, these fake FBI agents demanded to be paid a ransom. On Friday, over 200,000 machines were locked by people (I assume it was more than one person) who did not even pretend to be good. They encrypted the information on these machines and demanded $300 to $600 per machine or, they threatened, all the data on those machines would be destroyed. This type of attack is called a ransomware attack. A program is introduced into the machine, and it locks and encrypts all the data on the machine. A message pops up on the infected machine demanding that money be paid, almost always via bitcoin. Once the ransom has been paid, the message says, a method to unlock the machine will be sent. If the ransom is not paid within the time demanded, all the data on the machine will be erased. So much of our lives, both personal and business, is stored on computers; can you imagine what would happen if your computer was locked? The mere thought makes my heart speed up.

Earlier this year, a hacker crew called Shadow Brokers released several tools used by the National Security Agency (NSA). Among these tools was one called EternalBlue, and this tool exploited a flaw in Microsoft Windows. Armed with the information that was leaked, Microsoft created a patch to fix this flaw and released this patch in March. Perhaps you have now read this far and you are wondering, if the patch was released in March, how did this massive attack happen in May? How many times has a message popped up on your machine while you are in the middle of something? The message tells you that an update is available for your machine. You see it, but you are in the middle of something important. You close the window and delay the update. This can happen over and over again. Some people, irritated by the notices, turn off the alerts altogether. Now, these automatic alerts are only available on versions of Windows that Microsoft is still actively supporting. So, if you have an older version of Windows, such as XP, Windows 8 or Windows Server 2003, you no longer receive alerts for updates. Either way, there are millions of machines that were vulnerable to attack on Friday. And on Friday, ransomware aptly called WannaCry wreaked havoc all over the world.

It is believed that the attackers gained access to computers and systems using infected zip files attached to emails. People opened emails and clicked on attachments. These emails did not come from friends and the people clicked on attachments, not knowing what they were opening. Many organizations store their computer information on servers, making all users interconnected. Taking advantage of this, the WannaCry ransomware, once released by one user, made its way through the interconnected systems and attacked other machines, even those belonging to people who did not click on the infected attachments.

This attack has made many things apparent:

  • Keeping secrets can sometimes go very wrong. The NSA knew that there was a vulnerability in Microsoft Windows. If it was not for the Shadow Brokers leak, Microsoft may not have discovered this vulnerability and they would not have developed a patch to fix it. One can also argue that, if Shadow Brokers had not leaked this information, the hackers may not have known to create WannaCry and none of this would have happened in the first place. I have found, though, that generally speaking, secrets are not kept that way forever.
  • When I wrote about the fake FBI attacks, I stated the importance of keeping your computers up to date. I cannot stress this enough. When the reminders pop up on your machine to update your software, update your software. Install the security fixes. If you don’t want to be disturbed, set up a timetable so that your machine will automatically check for and install updates on a regular basis. Remember, also, to restart your machine on a regular basis. Many installations are not complete without a restart and some updates are triggered by a restart.
  • We live in a time where everyone receives more email than they want to deal with. We run the risk of making careless mistakes, opening up emails and clicking on attachments when we have no idea who sent the email and what is in the attachment. Nowadays, you are almost lucky if the only thing that the attachment does is send out a lot of spam to your friends. More often, clicking on that attachment can lead to hackers stealing information from you or holding your machine hostage. Sometimes, even when I receive an email with an attachment that appears to be from a friend, I will double-check with the friend to make sure that they have sent the email and their account has not been hacked. The extra step may seem tedious but, enough times, I have found out that my friend was hacked, so I keep asking when I am suspicious.
  • If your operating system is no longer supported, you should consider getting new software that is. I say this with mixed feelings. Like most people, I hate being forced to buy something when what I already have has been working well for me and when I don’t like the new version. I feel scammed being made to spend that extra money and if the world only contained righteous people I would tell you to keep your software and change it when you are ready. But, we live in a world where people are ready to take advantage of an opportunity to get money out of you. Microsoft stopped providing support for Windows XP in 2014. This ransomware is specifically taking advantage of this fact. It’s a shame, but it is the way it is.
  • Back up, back up and back up some more. If you are regularly backing up your machine and keeping the backup either in the cloud or on an external drive, you know what you can do when your machine is held for ransom? You can ignore the ransom demand because you have your data saved some place safe. The clock can tick down, the files on your machine can all be deleted and, even though it will suck to restore everything, you can do so.

On Monday morning, people are going to go to work and turn on their machines and many machines running Windows XP or that have not been updated in months will be open to attack. Many of those that are attacked will want to pay the ransom because their data has not been backed up. Just weeks ago, articles were written about how British hospitals spent nothing on cyber-defense. On Friday, they could barely function. Maybe they had started having meetings and started discussing taking steps to protect their systems. But, like we all do when that warning popped up, they put it off. I am sure right now they are wishing they had done something to protect themselves because they had to scramble to fix a disaster.
