With the recent ransomware attack on the National Health System (NHS) in the UK and, it is thought, over 150,000 users and companies worldwide, we take a quick look at the history of ransomware and, more importantly, at the steps you should take to protect yourself against such threats.
As the name suggests, once a computer is infected, the user’s files are encrypted and a demand for payment is made to unlock them. The ransom often doubles after a specified date. The size of the ransom varies from around $500 for an individual to over $150,000 for some corporations*.
Ransomware has been around a lot longer than you may think, and targeting the health industry isn’t new.
In fact, the first reported attack was reported in the Becker’s Hospital Review in 1989, and was carried out by Joseph Popp, PhD, who distributed 20,000 floppy disks as part of a medical research program into AIDS. In March 2016 the Ottawa hospital reported that over 9000 computers had been infected; their response was to wipe all the drives and reinstall from a backup. There were also reports of Kentucky Methodist Hospital, Chino Valley Medical Centre and Desert Valley Hospital in California being targeted by ransomware in the same month.
The most common way for a computer to become infected is through email attachments or users clicking a link to a website specifically set up to distribute the virus. However, researchers from security vendor Cylance have demonstrated a proof-of-concept ransomware program running inside a motherboard’s Unified Extensible Firmware Interface (UEFI), the modern BIOS.
This method can be used to install highly persistent malware that even a complete hard drive wipe and operating system reinstallation will not necessarily remove. Malicious code in low-level firmware is difficult to detect, and removing it would require reflashing a new UEFI image.
Steps to help protect against Ransomware
- Make sure you keep your operating system and installed software up to date. Updates are often released with new features, but they also contain security fixes for known issues that can be maliciously exploited. Performing regular updates will help to minimise the chances of infection.
- Make sure you have anti-virus protection installed and that it is updated with the latest virus database.
- Think before you click. If a website link looks even remotely suspicious, don’t click on it. If you have received an email you weren’t expecting, or it has an unusual attachment, do not open it. In the case of businesses or corporates, educate your users on phishing email techniques and spoof websites.
- Perform regular backups. If the worst happens, you can always follow the example of the Ottawa hospital: wipe the hard drive with a product such as ZeroData, reinstall the operating system and recover files from a backup.
This advice is applicable to all connected devices, not just PCs. In today’s world of mobile devices and BYOD, this is particularly important. These devices regularly do not have anti-virus software installed, their software updated, or their files backed up. If your company allows employees to bring their own device, develop a plan that takes this into account.
Written by Kristian Harris, Eurosoft (UK) Ltd.