2017: The Year of Ransomware

Last updated: 18 January 2018

Last year was a lousy year for the security of private and sensitive data. We saw mega hacks, a sharp increase in ransomware, and a single breach (Equifax) that left roughly half of all Americans exposed to fraud and identity theft. According to Gemalto’s Breach Level Index, more records were lost or stolen in the first half of 2017 (1.9 billion) than in all of 2016 (1.37 billion), and that was before the biggest breaches of the year were disclosed.

Taking a look back, we saw a huge increase in ransomware in 2017, driven largely by two global worm outbreaks. According to research from anti-virus firm Bitdefender, ransomware payments hit $2 billion in 2017, twice the 2016 figure. Ransomware attacks are expected to keep growing in frequency and aggressiveness as the tooling becomes more sophisticated and harder to stop. The US was the biggest and, by the numbers, the easiest target: Symantec’s 2017 Internet Security Threat Report found that 64% of American victims were willing to pay a ransom, compared with 34% globally, and the average ransom demand rose 266% to $1,077 per victim.

Ransomware at a glance
Ransomware is malware that takes a system hostage, either by locking the user out of the machine entirely (locker ransomware) or by encrypting files so they cannot be accessed (crypto-ransomware). The common pattern is to encrypt the victim’s files with a key that only the attacker holds and demand payment for the decryption key. It is usually delivered by phishing: a link or an attachment that, once opened, runs the payload with the user’s privileges. From there it encrypts everything that user can write to, which in a corporate environment typically includes mapped network shares, and then displays a ransom note explaining that the files are held hostage and how to pay. More aggressive families skip the phishing step and exploit unpatched vulnerabilities to spread from machine to machine without any user interaction. WannaCry and NotPetya were the two notable examples this year.
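The behaviour described above, one process rewriting many files with a new extension and dropping a note in every folder, is exactly what a behavioural detection rule looks for. The script below is an added example (not code from the article or from any vendor) that runs such a rule over constructed file-activity telemetry. The log format, thresholds, hostnames, process names and paths are all assumptions made for the example.

```python
"""Behavioural ransomware detection over a constructed file-activity log.

Added example for this article, not code from the original page or from any
vendor. It assumes an EDR-style log with one event per line:
    <UTC time> host=<name> pid=<n> proc=<image> op=<create|write|rename> path=<path>
The thresholds, field names, hostnames, process names and paths below are all
assumptions made for the example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # look-back per process
MIN_FILES = 20                   # distinct files touched inside WINDOW
MIN_DIRS = 3                     # ... spread across this many directories
NOTE_RE = re.compile(r"(decrypt|restore|recover).*\.(txt|html|hta)$", re.I)
SUFFIX_RE = re.compile(r"\.(locked|crypt|wncry|wcry|enc)$", re.I)
LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) pid=(?P<pid>\d+) "
                     r"proc=(?P<proc>\S+) op=(?P<op>\S+) path=(?P<path>.+)$")


def parse_event(line):
    """Return a dict for a well-formed line, or None for lines we cannot parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    ev["pid"] = int(ev["pid"])
    return ev


def split_path(path):
    """Windows path -> (directory, file name); a bare name counts as the root directory."""
    if "\\" not in path:
        return "", path
    return tuple(path.rsplit("\\", 1))


def score_window(events):
    """List the reasons a window of one process's events looks like an encryption run."""
    files = {e["path"] for e in events}
    dirs = {split_path(p)[0] for p in files}
    renamed = [p for p in files if SUFFIX_RE.search(p)]
    note_dirs = {split_path(p)[0] for p in files if NOTE_RE.search(split_path(p)[1])}
    reasons = []
    if len(files) >= MIN_FILES and len(dirs) >= MIN_DIRS:
        reasons.append(f"{len(files)} files in {len(dirs)} directories within {WINDOW.seconds}s")
    if len(renamed) >= MIN_FILES // 2:
        reasons.append(f"{len(renamed)} files given a known ransomware extension")
    if len(note_dirs) >= MIN_DIRS:
        reasons.append(f"ransom-note-like file dropped in {len(note_dirs)} directories")
    return reasons


def detect(lines):
    """One alert per (host, pid, process) whose busiest WINDOW trips any rule."""
    events = [e for e in map(parse_event, lines) if e]
    events.sort(key=lambda e: e["ts"])
    by_proc = defaultdict(list)
    for e in events:
        by_proc[(e["host"], e["pid"], e["proc"])].append(e)

    alerts = []
    for (host, pid, proc), evs in by_proc.items():
        best = None
        for i, first in enumerate(evs):
            window = [e for e in evs[i:] if e["ts"] - first["ts"] <= WINDOW]
            reasons = score_window(window)
            if reasons and (best is None or len(window) > len(best["events"])):
                best = {"events": window, "reasons": reasons}
        if best:
            alerts.append({"host": host, "pid": pid, "proc": proc,
                           "start": best["events"][0]["ts"].isoformat(),
                           "files": len({e["path"] for e in best["events"]}),
                           "reasons": best["reasons"]})
    return alerts


def build_sample_log():
    """Constructed telemetry: a user saving documents, then one process rewriting
    many files with a new extension and dropping a note in each folder."""
    t0 = datetime(2017, 6, 15, 10, 0, 0)
    lines = []

    def ev(sec, pid, proc, op, path):
        ts = (t0 + timedelta(seconds=sec)).strftime("%Y-%m-%dT%H:%M:%SZ")
        lines.append(f"{ts} host=ws07 pid={pid} proc={proc} op={op} path={path}")

    for i in range(5):                                   # benign: five saves in ten minutes
        ev(i * 120, 2210, "winword.exe", "write", f"C:\\Users\\alice\\Docs\\draft{i}.docx")
    n = 0                                                # suspicious: 35 events in 35 seconds
    for folder in ["Docs", "Pictures", "Desktop", "Music", "Downloads"]:
        for i in range(6):
            ev(600 + n, 4120, "svchost.exe", "write", f"C:\\Users\\alice\\{folder}\\file{i}.docx.locked")
            n += 1
        ev(600 + n, 4120, "svchost.exe", "create", f"C:\\Users\\alice\\{folder}\\HOW_TO_DECRYPT_FILES.txt")
        n += 1
    return lines


if __name__ == "__main__":
    for alert in detect(build_sample_log()):
        print(alert)
```

The three rules are deliberately independent: a fast rewrite of many files across directories catches families that use no recognisable extension, the extension rule catches slow encryptors, and the note rule fires even when the encryption happens on a share the sensor does not watch. The process name is a weak signal on its own (the sample deliberately spoofs `svchost.exe`), which is why the rules key on what the process does rather than what it is called.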

Let’s take a look at some of the noteworthy ransomware attacks of 2017

Spoiler alert
A breach of HBO in June led to the theft of 1.5 terabytes of data, including full episodes of unreleased shows. The attacker demanded millions of dollars to withhold the material. Strictly speaking this was data-theft extortion rather than file-encrypting ransomware, but the ransom demand puts it on this list. HBO stood firm and did not pay, but suffered a rough few months as the attacker gradually leaked the stolen material, including a script for an unaired episode of Game of Thrones. Federal prosecutors unsealed charges against the alleged attacker in November. According to the indictment, he got in by compromising the accounts of HBO employees who could remotely access the company’s systems.

Global hostages
Two well-known ransomware worms, WannaCry and NotPetya, caused global alarm and spread fast and furiously, infecting hundreds of thousands of machines. In May, WannaCry hit organizations in more than 150 countries across many different industries. The worm exploited a critical vulnerability in Windows SMBv1, using the leaked EternalBlue exploit, and Microsoft had already patched the flaw in March (MS17-010), so the victims were organizations running outdated or unpatched Windows systems. The WannaCry operators demanded ransom to unlock files on more than 300,000 computers. NotPetya, in June, used the same SMB exploit and added credential theft and legitimate administration tools for lateral movement, but its initial infection vector was much more targeted: a poisoned update to M.E.Doc, a tax and accounting package used by most businesses in Ukraine. It still spilled well beyond Ukraine and hit several US companies, including pharmaceutical giant Merck, which reported more than $310 million in losses. One practical caveat: NotPetya’s payment mechanism did not actually work, so victims had no way to recover files even if they paid, which is why analysts classify it as a wiper dressed up as ransomware.

The Great KQED Ransomware Attack

One of the largest public media companies in the US experienced a two-month nightmare over the summer of 2017. KQED, the NPR member station serving the San Francisco area, was hit with a disruptive ransomware attack that caused widespread blue screens of death, loss of phone access, and no internet. This all but shut the station down and forced employees to find creative workarounds to keep broadcasting. The attackers demanded 1.7 bitcoins per computer (roughly $2,500), and generously offered an alternative “one-time special deal” of $27,000 for all computers. There is no solid evidence of how the ransomware got in, but KQED was very open about its security gaps, including giving users local administrator rights. KQED considered paying the ransom but was talked out of it by the FBI, which warned that paying would mark the station as an easy target for future attacks. The station eventually rebuilt and recovered without paying, and learned a very expensive lesson about its security vulnerabilities. This is a fascinating story and I encourage you to read the full article on KQED’s website.

Ransomware defense

So what is the best way to protect your users and systems from ransomware attacks? Here are a few tips.

• Most importantly, keep operating systems up to date and apply security patches promptly. As we saw with WannaCry and NotPetya, exploiting known, already-patched vulnerabilities is now the most aggressive avenue for malware delivery. Disable legacy protocols you don’t need (SMBv1 in the WannaCry case) so that the next exploit has nothing to hit.
• Use multi-factor authentication, at the very least for remote access. Stolen or guessed credentials for remote access were the way in at HBO, and MFA would have made them far less useful.
• Keep control of user rights. Ordinary users should not hold local administrator rights, and software installation should be restricted to approved packages (learn from KQED’s mistake). Malware that runs as a standard user can do far less damage.
• Ensure systems are running antivirus or endpoint protection that detects malicious behaviour, not just known signatures, since new ransomware variants appear faster than signature updates.
• Schedule automatic backups, keep at least one copy somewhere the infected machine cannot write to (offline media or append-only storage), and test restores regularly. Ransomware encrypts any backup it can reach, so a backup share mapped on every workstation is not a backup.
• Communicate with employees and train them to recognize and report suspicious email, since phishing remains the most common way ransomware arrives.
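To make the backup advice concrete, here is an added example (not code from the article or from any vendor) that snapshots a directory with a SHA-256 manifest, refuses to restore a snapshot whose contents no longer match that manifest, and shows what happens when the backup copy itself is reachable by the ransomware. Everything runs in a temporary directory; the file names and contents are constructed, and the “encryption” is a stand-in that XORs bytes and appends `.locked`.

```python
"""Snapshot backup with a SHA-256 manifest, plus a restore that refuses a
snapshot whose files no longer match the manifest.

Added example for this article, not code from the original page or from any
vendor. Everything runs inside a temporary directory created here; the file
names and contents are constructed, and simulate_encryption is a stand-in for
a ransomware run (it overwrites each file with XORed bytes and appends
'.locked'), used only to show what the integrity check catches.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest_of(tree):
    """Relative path -> SHA-256 digest for every regular file under tree."""
    tree = Path(tree)
    return {str(p.relative_to(tree)): sha256_file(p) for p in sorted(tree.rglob("*")) if p.is_file()}


def snapshot(src, backup_root, label):
    """Copy src to backup_root/label and record its manifest beside it.
    In production the copy goes to storage the workstation cannot write to
    (offline media, or an append-only bucket); a share the user can modify is
    just another directory for the ransomware to encrypt."""
    dest = Path(backup_root) / label
    shutil.copytree(src, dest)
    manifest = manifest_of(dest)
    (Path(backup_root) / f"{label}.manifest.json").write_text(json.dumps(manifest, indent=1))
    return manifest


def verify_tree(tree, manifest):
    """Return (modified, missing, extra) relative to the manifest; all empty means intact."""
    current = manifest_of(tree)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in current)
    extra = sorted(p for p in current if p not in manifest)
    return modified, missing, extra


def restore(backup_root, label, dest):
    """Restore only a snapshot that still matches its own manifest."""
    root = Path(backup_root)
    manifest = json.loads((root / f"{label}.manifest.json").read_text())
    modified, missing, extra = verify_tree(root / label, manifest)
    if modified or missing or extra:
        raise RuntimeError(f"snapshot {label} is damaged: {modified + missing + extra}")
    shutil.copytree(root / label, dest)
    return manifest


def simulate_encryption(tree, key=0x5A):
    """Stand-in for a ransomware run: overwrite every file and rename it with .locked."""
    for p in [p for p in Path(tree).rglob("*") if p.is_file()]:
        p.write_bytes(bytes(b ^ key for b in p.read_bytes()))
        p.rename(p.with_name(p.name + ".locked"))


def demo():
    """Back up, get hit, restore from the intact copy, then show a reachable backup failing."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backups = Path(tmp) / "live", Path(tmp) / "backups"
        (live / "Docs").mkdir(parents=True)
        (live / "Docs" / "budget.xlsx").write_bytes(b"constructed spreadsheet bytes")
        (live / "Docs" / "memo.docx").write_bytes(b"constructed memo bytes")
        (live / "notes.txt").write_text("constructed notes")

        manifest = snapshot(live, backups, "snap-001")
        simulate_encryption(live)                            # the workstation is hit
        modified, missing, extra = verify_tree(live, manifest)
        restored = restore(backups, "snap-001", Path(tmp) / "restored")

        # A backup the workstation can write to is not safe: encrypt the copy and retry.
        simulate_encryption(backups / "snap-001")
        try:
            restore(backups, "snap-001", Path(tmp) / "restored2")
            refused = False
        except RuntimeError:
            refused = True

        return {
            "backed_up": len(manifest),
            "live_missing": len(missing),                    # originals gone: renamed .locked
            "live_extra": len(extra),                        # the .locked copies
            "restored_intact": verify_tree(Path(tmp) / "restored", restored) == ([], [], []),
            "reachable_backup_refused": refused,
        }


if __name__ == "__main__":
    print(demo())
```

The manifest is the point: without it, a restore job happily copies `.locked` files back over the workstation and nobody notices until the next outage. Keeping the manifest and the snapshot on storage the client cannot modify (or signing the manifest) closes the remaining gap, where an attacker with write access rewrites both.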

So beware of ransomware, and remember to use multi-factor authentication. To see how strong security and user convenience can coexist, check out our video What is PKI (Public Key Infrastructure)?
