Steve Smith talks about Ransomware, the necessity of cold storage, and how to curb these kinds of attacks.
Episode #7-45 released on July 8, 2017
Look at the last month, leaks of information from parts of the American Government's multiple agencies has led to attack after attack of viruses that encrypt your data, or destroy your data. What these attacks all have in common is the encryption of your data, and a message requiring payment in Bitcoin, to allow for the possible restoration of your data. Now, while cryptographic viruses have become the norm, and newer ones now exist as worms, many are requiring payment in Bitcoin. So, is there a way to end this trend?
This current modern problem can be dealt with in several ways, some of them do require users to pay more attention, and some require companies to be more aware of security.
Let us start with users, I do not remember how many times I have said this over the last 7 years, but I am sure I have said it a lot. Stop opening email attachments and make backups. Especially cold storage backups on hard drives that aren't connected to your computer or network, or burned to optical media which cannot be modified once the disc is created. If you have in your possession a reliable backup of your files, the one thing you won't be doing is freaking out every time your computer becomes infected with cryptographic viruses, or any type of other virus. This, also, means you won't be inclined to pay those ransom fees required in bitcoin, or other cryptocurrencies to possibly get your decryption keys to recover your files.
Which brings up an important point, the very fact that it is possible for you to lose your files even after paying a ransom. Police agencies around the world, and malicious groups won't always give you a way of getting your files back. It is a sad fact, but it is far more profitable for malicious groups to streamline the process, and just destroy files, even if you do pay. So, before considering paying a ransom fee because of a virus, just don't pay the ransom. These groups are motivated by greed, and removing all monetary incentive to continue this method of attack on everyday individuals and companies will result in their current means of getting money changing and becoming obsolete.
Which brings us to businesses. We know that keeping our software up to date is the only way to mitigate the risks. But, this doesn't help anyone when malicious groups take advantage of weaknesses in security to compromise users doing just this, updating to mitigate the risks of being infection. This is exactly how NotPetya, a Petya variant using the EternalBlue Exploit, initially got spread in the Ukraine. Yes, the same exploit used by WannaCry, developed by the NSA, which it lost control of. Businesses need to take security to their infrastructures seriously, and the way we achieve this is, also, by affecting them monetarily. The world is driven by money, so money, or the lack there of it, is how we all can make or break a company, or force it to change how it secures its data.
It is, also, important to educate the staff of companies in handling many of the tactics used by malicious groups and users to obtain illicit access to data or resources, or compromise services related to businesses and their data security. Ignoring the human factor, is ignoring a major weakness in company and data security, altogether. Often, the human element is what is easiest to exploit, and once that security hole is closed, very few people can exploit systems regardless of design.
It is probably, also, important to say that Microsoft will be implementing Controlled Folder Access to prevent Ransomware Encryption based attacks, by making it impossible for unauthorized programs to change or modify file in protected folders, and this feature will be available in the September or October 2017. This tool will be part of Windows Defender.
Host : Steve Smith | Music : | Editor : Steve Smith | Producer : Zed Axis Dot Net