Ransomware and Beyond – Part 2

alistair_ransomware_and_beyond

No networked computer system is immune to malware attacks, but some organisations actively prepare to defend themselves. Here, for example, is an illustrative news report that warms the cockles of my Technical-Support-Desk heart.

On November 25, 2016, the San Francisco Municipal Transportation Agency (SFMTA) was attacked by ransomware – to be specific, a variant of HDDCryptor, which encrypts files, rewrites the Master Boot Records for all partitions (locking the user out of his computer), and presents the victim with a cheeky message containing instructions for payment.

According to SFMTA, the malware attack primarily affected ~900 office computers, and had no impact on transit operations or safety. According to an announcement on SFMTA’s website, the ransom of 100 bitcoins (approximately AUD$103,000) was entirely ignored:

The SFMTA has never considered paying the ransom. We have an information technology team in place that can restore our systems, and that is what they are doing.
Existing backup systems allowed us to get most affected computers up and running this morning, and our information technology team anticipates having the remaining computers functional in the next day or two.

To which I (quietly) yell: ‘Huzzah!’ It’s great to see the bad guys foiled, and it’s also instructive to see what saved the SFMTA’s posterior: ‘…existing backup systems…’ Backups, and especially off-site or cloud backups, are your very best friends when the cybercrooks come to call. (And with the cost of storage at all-time lows, it’s hard to imagine a company these days that doesn’t take backups very seriously.)

Let’s assume that your organisation is properly and sensibly backed up, and move on to malware prevention. What can you do to minimise your susceptibility to ransomware attacks?

1) Educate your employees.

Using the Internet without behavioural checks is a recipe for disaster. Visiting strange websites, downloading files and torrents, and opening unexpected e-mail attachments (even from clients and people you know) are great ways to open the doors to ransomware. Teach your users the various modes of attack: phishing, which casts a wide, untargeted net, spear phishing, targeted directly at a company’s users, and whaling, which specifically targets C-suite execs.

2) Insist on stronger passwords and change them regularly.

Personally, I’m a fan of the four-word and a symbol convention. Forget unusual symbols, leet-speak and capital letters. There’s a good argument to be made that the strongest password is simply four unconnected words. Although it may seem counterintuitive, ‘Crumpetkissing@parsnipkangaroo’ is easier to remember, and much harder for a crook to crack, than anything you can do to the name of your cat: ‘Mist3r_T@@dl3z’ with photos as hints of him blasted all over your Facebook profile. As an example 10 characters with a symbol gives 171.3 sextillion (171,269,557,687,901,638,419) combinations to comb through.

3) Automatic patches.

All your business’s operating systems (including phones, tablets, laptops) and browsers should be automatically patched with security updates.

4) Software updates.

Antivirus and anti-malware software is constantly being updated. Make sure that all your network devices are running the latest versions.

5) Deploy application whitelists.

Application whitelisting ensures that only authorised applications can be downloaded or run. According to the Australian Department of Defense, application whitelisting is the most effective strategy for mitigating targeted cyber intrusions.

6) Implement e-mail and web security tools.

Security tools allow your system to analyse e-mail attachments, websites and files for malware and block potentially compromised advertisements and websites. (If anyone complains, tell them to stop uploading their holiday pics and get back to work!)

7) Virtual LANs.

Segmenting your network using VLANs is not a cure-all, but it can help prevent the spread of malware.

8) Mobile Device Management.

MDM technology can be configured to automatically inspect and block mobile devices which do not meet your organisation’s security standards.

And finally…have I mentioned backups? I know that I have, and yet I’m doing it again, because backups are your very best friends. If you don’t believe me, just ask the good admins at the San Francisco Municipal Transportation Agency.

Stay ahead of the rest...

SYSPRO blog gives you weekly industry insights supplied by experts.



Leave a Comment