Ransomware: Gimme Or The Files Get It
With the recent spate of ransomware programs out there like WannaCry and NotPetya, there are more questions as to who’s responsible and what can be done to prevent it.
One nice thing, which isn’t widely reported in the news, is that for the most part Microsoft has released patches that render computers immune to these specific ransomware attacks. That being said, the patches already released aren’t a cure-all for every subsequent ransomware permutation.
The analogy is no different than catching the flu or a cold. Millions get them every year, and every year, millions more get flu shots, but the shots don’t cover every version of the flu virus. When you do get one of the many and varied versions of the flu and eventually get over it, you tend to be immune from it for quite a while, but if you’re exposed to a new version that you never got a shot for, then you’re going to get infected.
It’s no different with ransomware. As soon as companies like Microsoft, Apple, and others find out about a new ransomware that takes advantage of a bug or vulnerability in their software, they create a patch for it to render the computer(s) immune to that particular one, and any others that are very closely related. Until that patch is released though, there is a danger to everyone, but once it’s released, the risk of getting infected by the ransomware is massively reduced.
There are some caveats though. A big one is that the patch actually has to be installed. Some small businesses find the sheer number and almost random timing of patch updates to be an inconvenience that gets in the way of their work, but installing patches is still vastly preferable to being hit with ransomware and having to pay thousands or tens of thousands of dollars simply because of that “inconvenience.”
Another caveat is the concept of social engineering. One of the most popular forms, which has become a fact of life online, is the phishing email. In simplest terms, it’s a malicious email that looks like it’s from an official source, whether that’s a bank, a company, or even your boss. The email prompts you to click on something or take some other action that infects your system with all sorts of nasty little malware, or to give up information like your bank account number, social security number, and any other private info. Some even prompt you to do things like transfer money to an account that may look like one of yours, but is in fact an account in the Cayman Islands. Some of these emails are VERY easy to spot as fakes, since the email looks nothing like the company it claims to come from, the grammar is way off, the link goes to some website you’ve never seen before, and the list goes on. Others are far more convincing, using current logos and email addresses that look valid, or even real addresses that have been spoofed.
All it takes is for a single person to click the link or download the file from just one of these phishing emails to infect your entire system with ransomware. When that happens, it won’t matter how good a firewall, antivirus, or IT team you have; you may never get your files back. Statistically, only 2.8% of people who pay the ransom get the decryption key or software, and the remaining 97.2% of poor souls who are victimized by ransomware get sold down the river. Some businesses never recover from this.