Ransomware is here to stay, which means it's time to make a few changes to how we respond.
Two massive ransomware attacks in less than two months have caused chaos across the globe. First came WannaCry—which hit the UK's NHS particularly hard—and likely infected about 300,000 PCs worldwide — and this week a new variant of Petya followed.
So far it looks like Petya will be much less widespread than WannaCry, but it has still managed to infect PCs at a string of high profile organisations, from oil company Rosneft to shipping giant Maersk and advertising giant WPP. So what can we learn from these events?
Businesses are now a key target for ransomware
Ransomware used to be a nuisance, and one that mostly caused problems for home users. But businesses have much deeper pockets than consumers, which means in the last couple of years online fraudsters have turned their attention to ransoming business data instead. That's not likely to change any time soon so organisations need to take the threat seriously. This is a threat to your business data, not just to somebody's holiday photos.
Being willing to pay up is not a valid strategy
A report from the UK's National Crime Agency noted that some companies are now stockpiling bitcoins in anticipation of a ransomware attack. That might seem sensible, if somewhat pessimistic, but paying off crooks is a bad idea for a couple of reasons.
Firstly it will encourage other criminals to try the same trick, which means the ransomware problem gets bigger for everyone. Secondly, being willing to pay-off criminals may mean companies are less willing to spend the time and effort needed to secure their systems properly. And third, paying up doesn't always mean the fraudsters will actually unlock the data again. In the case of Petya, for example, it looks like the data cannot be decrypted by the perpetrators anyway.
Your business might end up as collateral damage
Just because you aren't a high profile target, that doesn't mean you won't get hit. It's too early to be sure but it's entirely possible that Petya was aimed specifically at Ukrainian industrial targets, but spread much further than its makers expected. So even if you are in a different country and a different industry you might still get hit.
And even if you and your staff are smart enough to not click on strange attachments in random emails, that's not the only way this ransomware spreads, thanks to the addition of worm-like capabilities. Being vigilant is not enough of a defence anymore.
You don't know what you've got, till it's gone
Understand what data really matters and protect it. It may not be what - or where - you think it is. Some of the most important information may not be well structured and duplicated in a corporate database but may be sitting on a single PC. And staff may not ever consider the consequences of losing access to a particular file or spreadsheet. Ransomware isn't the only disaster that can hit a PC but it's a good opportunity to consider where the critical data in your organisation is, and how to protect it better. Don't assume you've identified it all.
Patches are not an optional extra
WannaCry was so infectious because it used an exploit developed by the NSA and then leaked by the Shadow Brokers and dumped on the internet. But there was a patch available for vulnerability months before it was used to such destructive effect in WannaCry. Patching systems is tedious and time-consuming and often those patches have to be tested to make sure they don't break anything else inside a business. There's a trade-off to be made, but WannaCry and Petya are good examples of why having a good policy in place matters.
All of this has happened, all of this will happen again
There's little to suggest that Petya is going to be the last ransomware crisis the world is likely to see. There are plenty of flaws in software to exploit and plenty of greedy criminals around willing to make money from ruining someone's day. Make sure it isn't yours.
READ MORE ON CYBERCRIME
- Free hacking tools start teens on path to cybercrime
- Russian hackers are selling British officials' passwords [CNET]
- Cybercrime Inc: How hacking gangs are modeling themselves on big business
- Ransomware: An executive guide to one of the biggest menaces on the web
- Cybercrime industry growing rapidly, cybersecurity can't keep up [TechRepublic]