IAS Security Hero

Ransomware 2017, why is this still a thing?

My last post on Ransomware was in 2013 when we were being hit by Cryptolocker. I mentioned that in around 2010 Data Doctor 2010 was the ransomware in the news. According to Wikipedia, the first "ransomware" was called the "AIDS Trojan" in 1989, which didn't encrypt your files, but merely hid their data by encrypting the filenames. An experimental cryptovirus was created for Macintosh which used public key cryptography to ensure that the cryptographic key couldn't be extracted from the binary, the fatal flaw of the AIDS Trojan. It was nearly 10 years later in 2005 that ransomware became mainstream and largely profitable for the industry.

What I don't understand is that the protections remain the same as when it first came out.

  1. Backup your files
  2. Patch your system
  3. Use a firewall
  4. Delete suspicious messages

Clearly, we are not doing enough to teach these lesons. In 2017, the newest variant is WannaCry. This ransomware was stopped in its tracks when a security researcher accidentally deactivated the malware when he registered a domainname that he found buried in the code. I believe the name came from the user's feelings of wanting to cry after getting hit with the malware. I want to cry that this is still a thing we are suffering from. And apparently, it is becoming more and more profitable by the thieves running it.

So, once again, please backup your files. Back them up somewhere where they can't be touched by malware, and where multiple versions of your data is saved. There are 100s of cloud solutions out there that are cheap enough that everyone should do this. Second, patch your systems. I recommend everyone put away 25% of the cost of a new device every year. In year 4, you have enough to purchase a new device if it can no longer be patched. Don't find yourself surprised when your trusted computer is no longer supported by the vendor. You don't want to operate with something that isn't patched anymore.

Using a firewall is built into more operating systems today. You should also run one on your router to ensure that these type of issues don't get in unfilter.

And let's be honest, it is so much simpler just to convince you to click and run something than it is to hack into your firewall. Realize that if you are doing steps 1-3, the thieves will focus on step 4 and try to convince you to let them in the front door. Be vigilant and Stop. Think. Connect.

--ep