As many will now be aware, a massive ransomware attack occurred across the world, affecting mainly English and US computer systems. One of the biggest victims was the UK’s National Health Service. By all accounts, the attack has not so far been widespread in Australia and most authorities and anti-virus systems are up to date on the malware footprint.
What is WannaCry?
This malware program affects Windows-based systems and exploits a well-known vulnerability in a number of versions of Windows. The vulnerability is known to Microsoft (MS17-010) and was patched as far back as March.
In many cases, ransomware gets onto a system through a user clicking on a link in an email. Once that link is clicked, the malware is downloaded onto the computer and then encrypts the files and documents on it.
However, in the case of WannaCry, if a Windows system has not been patched as described above, the program uses tools originally developed by the USA’s National Security Agency to exploit the vulnerability directly, in other words, without any intervention from the user.
The original files and documents are then deleted, and a full-screen message appears giving payment instructions and outlining what will happen if the victim does not comply.
What do I do if I get ransomware on my computer?
Whether it’s WannaCry or any other form of ransomware, the first and most important thing is not to panic. We would suggest disconnecting your PC from any network connection and turning it off. Call your local computer support team as soon as possible.
Should I pay the Ransom?
This is a judgment call for all victims of this sort of crime but our suggestion would be to report it to the authorities first. In Australia, you can report ransomware attacks to the Australian CyberCrime Online Reporting Network (ACORN) at http://www.acorn.gov.au
How do I protect myself against ransomware attacks?
Common sense rules the day here.
- Update Update Update - First, make sure that your computer’s operating system has been patched with the latest updates. As noted above, WannaCry exploits a vulnerability that was patched by Microsoft in March of this year. But even that is no guarantee of safety, as some of these programs are upgraded to use other unpatched or as yet undocumented vulnerabilities, or the malware itself may be as yet unknown to Microsoft or the antivirus vendors (so-called “zero day” exploits).
- Anti-Virus and Malware Scanners - Make sure you are running a reputable antivirus scanner that is up to date and is regularly updated. Whilst there are a number of good commercial products on the market, bear in mind that Windows 8 and 10 also have an inbuilt antivirus system called Windows Defender. In addition to this, we would also recommend that you download at least the free version of Malwarebytes (https://www.malwarebytes.com/). This program is a useful and effective supplement to your antivirus program.
- Email and Suspect Web Links - Importantly, be careful with your email and with strange links to websites. Many malware programs are spread by malicious links or attachments in email. Once you click on the link or open up the attachment, that’s when the trouble starts.
Be very careful about emails with odd email addresses or from people you do not know. Bad grammar and short, cryptic and often confusing messages are usually a tell-tale sign that the email is not legitimate.
If your email is provided by your Internet Service Provider, find out if they are running mail scanners at their end to hunt down junk mail and malware. Whilst none of these systems is absolutely foolproof, many ISPs offer such services as add-ons, and some of them provide options for such a service that you can control yourself through a web console page.
Email is a very insecure way of communicating, even though it’s the most convenient way of doing so. Be suspicious of what you see in your inbox. Even if an email looks like it is coming from someone you know, be cautious, because email addresses can be spoofed, or made to look similar to, but not quite the same as, the address of the person being impersonated. (Our Nerd Herder wrote about the dangers of email a couple of years ago (https://www.cso.com.au/article/560207/r-p-email/).)
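The two warning signs above, a sender domain that merely looks like one you know and a message whose headers point somewhere other than where it claims to come from, can be checked mechanically. The script below is an added example written for this page, not code from Lateral Plains; it assumes a constructed list of known domains (`KNOWN_DOMAINS`) and uses the Python standard library's own RFC 5322 header parser to flag look-alike domains, display names that embed a different address, and a Reply-To that redirects replies elsewhere.

```python
import email
from email.utils import parseaddr
from typing import List

# Constructed address book of domains this organisation normally corresponds
# with (an assumption for the example; a real deployment would load its own list).
KNOWN_DOMAINS = ["example.com", "partner.example.org"]


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete or substitute one character)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    """Lower-cased part after the last '@' (empty if there is none)."""
    return addr.rpartition("@")[2].lower()


def assess_sender(raw_message: str, known_domains: List[str] = KNOWN_DOMAINS) -> List[str]:
    """Return findings about the sender headers of one RFC 5322 message.

    An empty list means none of these tell-tale signs were present; it does not
    mean the message is safe, only that these particular checks passed.
    """
    msg = email.message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    findings: List[str] = []

    if not from_domain:
        return ["from-missing-or-malformed"]

    if from_domain not in known_domains:
        # A domain one or two edits away from one we know (examp1e.com, exarnple.com)
        # is the "looks similar but not the same" case described above.
        lookalikes = [k for k in known_domains if 0 < levenshtein(from_domain, k) <= 2]
        if lookalikes:
            findings.append(f"lookalike-domain:{from_domain}~{lookalikes[0]}")
        else:
            findings.append(f"unknown-domain:{from_domain}")

    # A display name that itself contains an address from a different domain
    # is a common way of dressing up a spoofed sender.
    if "@" in display_name and domain_of(display_name) != from_domain:
        findings.append(f"display-name-address-mismatch:{domain_of(display_name)}")

    # Replies silently redirected to another domain are another warning sign.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append(f"reply-to-mismatch:{domain_of(reply_addr)}")

    return findings


# Constructed sample messages (not real mail).
MSG_LEGIT = (
    "From: Bob Jones <bob@example.com>\r\n"
    "To: you@example.com\r\n"
    "Subject: Lunch on Friday\r\n\r\n"
    "Still on for Friday?\r\n"
)
MSG_LOOKALIKE = (
    "From: Accounts <accounts@examp1e.com>\r\n"
    "To: you@example.com\r\n"
    "Subject: Invoice overdue\r\n\r\n"
    "Open the attached invoice now.\r\n"
)
MSG_SPOOFED = (
    'From: "bob@example.com" <mailer@mail-relay.test>\r\n'
    "Reply-To: bob@another.test\r\n"
    "To: you@example.com\r\n"
    "Subject: Urgent\r\n\r\n"
    "Call me.\r\n"
)

if __name__ == "__main__":
    for label, raw in [("legit", MSG_LEGIT), ("lookalike", MSG_LOOKALIKE), ("spoofed", MSG_SPOOFED)]:
        print(label, assess_sender(raw) or "no findings")
```

The edit-distance threshold of two is a deliberate trade-off: it catches single-character swaps and digit-for-letter substitutions without flagging every unrelated short domain, and anything it flags should be shown to the user rather than silently discarded.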
- Backup Backup Backup – It is very important in this day and age to back up all of your important data and files. Small businesses especially can be crippled by a ransomware attack. If you have been the victim of an attack and you do have backups, you may lose a little current data but you may well be able to restore your data with only minor impact. Without backups you are quite literally held captive by your attacker.
It is important that when backups are made, they are taken offline from the PC being backed up. If not, it is possible that even your backups could be attacked.
Spend time policing your data. If you have important data that is only referenced occasionally, consider putting it on another computer or in a safe storage medium such as a Network Attached Storage (NAS) system or a backup drive. Also consider storing your data on another device that is not exposed directly to your email or web browser. Segregating computers from each other also contributes to the safety of your local area network.
If you are looking for a remote backup service, there are many available to you. At Lateral Plains, we run our own datacentre services and we also have access to large secure data warehouses that are backed up in Melbourne and Sydney. Automated backups from your PC to these various backup services are available.
Feel Free to Talk to us!
Some References for you
If you are interested in reading a bit more about Ransomware and the cybersecurity, here are a few useful links
- Wanna Decrypter 2.0 ransomware attack: what you need to know – Naked Security: https://nakedsecurity.sophos.com/2017/05/12/wanna-decrypter-2-0-ransomware-attack-what-you-need-to-know/
- WannaCry Ransomware Explained By An Aussie Security Expert: Lifehacker - https://www.lifehacker.com.au/2017/05/wannacry-ransomware-explained-by-an-aussie-security-expert/#iqpmSSIddyFxPCpL.99
- Wanna Decryptor: what is the 'atom bomb of ransomware' behind the NHS attack? - Wired Magazine: http://www.wired.co.uk/article/wanna-decryptor-ransomware
- Ransomware campaign impacting organisations globally - The Computer Emergency Response Team: https://acsc.gov.au/ransomware-campaign-impacting-organisations-globally.html
- Massive WannaCry/wcry Ransomware Attack Hits Various Countries: Trend Micro - http://blog.trendmicro.com/trendlabs-security-intelligence/massive-wannacrywcry-ransomware-attack-hits-various-countries/
Correction: This article originally stated that WannaCry is activated by clicking on email links or compromised URLs. WannaCry does not in fact need user intervention to do its thing. Thanks Kyhwana (https://keybase.io/kyhwana) for pointing out our error.
Access to fast broadband is allowing startups to set up shop in their hometown.
Once known for its Eureka moment, Ballarat became a major settlement following the Victorian gold rush in the mid 1800s.
While that gold rush saw prospectors rushing to the town in pursuit of the yellow metal, the Ballarat of today is a goldmine for young startups.
George Fong provides a backdrop to how NBN is helping young Ballarat startup company Retsim.
At Lateral Plains we’d like to add our voice to the worthy celebration of women and their achievements on this International Women’s Day 2017. Too many true business heroes remain unsung, so we would like to pay tribute to one of our most loved team members, Barbara Fong.
Barbara is co-founder, financial controller, business manager and business innovator of our organisation. Whilst a lot of our work gets publicity in the ICT fields, behind the scenes, Barbara has dedicated herself to ensuring that we have a sound business and financial base off which to work. She is the voice of client relations and her innovation and entrepreneurial spirit and expertise have ensured that we have had a sustainable and flexible business structure to allow us to innovate, grow and stay relevant in a fast changing industry.
Few will be aware that Barbara was also one of the four founding members of NetConnect Communications, one of Regional Australia’s first Internet Service Providers. She was also executive officer of the Ballarat Regional Multicultural Council at a time when the organisation successfully negotiated with the Federal Government to settle 10 refugee families in Ballarat. She was an essential part of a team that was pivotal in getting these families settled and is still recognised by many of those who have remained in Ballarat.
Barbara continues to be the mainstay of Lateral Plains and continues on as a mentor and leader to the team here.
Happy International Women’s Day Barbara, from the grateful and appreciative Nerds at Lateral Plains.
8th March 2017 - International Women's Day
R.I.P. email. Well nearly. While the number of email accounts continues to grow rapidly, I'm predicting that email, as we know it today, will fade away as the world's most pervasive form of digital communications—possibly within three to five years. It’s not just that there are other ways by which people are communicating, it’s also because email is increasingly a risky way to communicate.
Let’s start at a simple level. Sending an email in the way that most of us do today is much like sending an old-fashioned letter, one that is paper-clipped to the outside of the envelope. The general population either doesn't know, or doesn't care much, whether anyone sees what is in their email.
There are some professions that could, and probably should, protect their communications when sending them across the public Internet. The protection that most email users rely on is simply the sheer mass of emails being sent on a daily basis, and the hope that their ISPs do the right thing and adequately protect their communications in transmission and in storage.
Unfortunately neither proposition holds up. Firstly, while going through the sheer mass of emails is a gargantuan task, it’s not impossible and email doesn't make it hard to search or parse if you have a clear idea of what you are looking for. Secondly, there are no industry standards as to how digital communications should be stored and what safety parameters should be put around that storage.
A significant number of users use POP mail, which most likely means the email is eventually offloaded on to the user's PC or device. It’s generally not the most secure environment.
There is a sense of security if the transmission of the email is encrypted (most devices and servers are, and should be, capable of talking to each other via SSL or TLS), but that doesn't really address the storage of those emails. So how about we just encrypt email?
Savvy users know about creating and registering PGP keys. They know how to share their public keys with other savvy users. They can send encrypted emails as well as receive them, but at the moment, setting up good PGP encryption on your email is hard. It is essentially out of the technical reach of most users. PGP encryption is made hard by the lack of support for it in many email programs (usually it’s via an external plugin). And, of course, it will only work if the other party to your email is doing the same thing. Most larger corporates have no excuse, but they're still not doing it.
As a primary communications protocol, you wouldn't exactly call normal email systems secure.
We should also consider, of course, the issue of email as a tool of malevolence. Spam accounts for about 80% of global email traffic. The majority of malware and trojan systems that infect vulnerable PCs and devices are, by far, delivered via email either directly as a payload or through a phishing link.
Many service providers (including ourselves) offer email filtering as a standard part of our commercial email offerings, but nothing is 100% foolproof and not all email systems are filtered adequately. Email filtering is essentially a catch up exercise—putting preventative measures into place once you have found something bad permeating through email.
In-house corporate mail servers, especially those operating under a desk in an SME's business, are notoriously variable in the protection they offer. (For corporates using cloud based mail services, the news is getting better, but it’s not perfect. There are increasing concerns about which jurisdiction(s) corporate email resides in, and who is capable of accessing and analysing them.)
Email filtering is a complicated and resource-intensive activity. Our filtering systems run a barrage of tests on every single email that attempts to come in, ranging from a preliminary check of the destination to granular inspection of the content. One of the first lines of defence is a cross-check against Realtime Blackhole List (RBL) databases. Does the sending IP address show up as a spam source in any of these databases? Yes? Then the mail server doesn't even complete the handshake and the email never leaves its source.
Eighty to 90 percent of all email delivery attempts are rejected by our systems at this point. We rely heavily on a number of those RBL databases and they are very effective—for now. With the advent of IPv6, while we have not yet seen a huge surge in spam across IPv6, the bottom line is that the sheer number of IPv6 addresses will mean that literally every single spam email could have its own IP address. A different approach will be needed. A lot of organisations are putting their minds to the issue, but until email via IPv6 becomes mainstream, we don't have all the answers.
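The RBL check described above is a DNS lookup: the connecting address is rewritten into a name under the list's zone and, if the zone answers with an address in 127.0.0.0/8, the source is listed and the connection is refused. The script below is an added example for this page, not Lateral Plains' filtering code; the zone names in `EXAMPLE_ZONES` are hypothetical and `fake_resolve` is a constructed, offline stand-in for DNS so the logic runs without network access (`live_resolve` shows the same lookup against the system resolver). It covers both IPv4 and IPv6 names, which also makes the IPv6 scaling point concrete: an IPv6 query name carries 32 single-digit labels, one per hex nibble, and the list must be able to answer for that entire space.

```python
import ipaddress
import socket
from typing import Callable, Iterable, List, Optional

# Hypothetical DNSBL zone names used only for this example; a real mail server
# would configure the zones published by its chosen list operators.
EXAMPLE_ZONES = ["rbl.example.net", "spam.example.org"]

# A resolver maps a DNS name to an A-record string, or None for NXDOMAIN.
Resolver = Callable[[str], Optional[str]]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the name a mail server looks up to ask DNSBL `zone` about `ip`.

    IPv4 reverses the four octets:   192.0.2.10 -> 10.2.0.192.<zone>
    IPv6 reverses all 32 hex nibbles of the expanded address, one label each,
    which is why the name space a list has to cover explodes with IPv6.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        nibbles = addr.exploded.replace(":", "")  # 32 hex digits, leading zeros kept
        labels = list(nibbles)[::-1]
    return ".".join(labels) + "." + zone


def listed_in(ip: str, zones: Iterable[str], resolve: Resolver) -> List[str]:
    """Return the zones that list `ip`.

    A DNSBL answers with an address in 127.0.0.0/8 for a listed IP and
    NXDOMAIN (None from the resolver) otherwise.
    """
    hits = []
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        if answer is not None and answer.startswith("127."):
            hits.append(zone)
    return hits


def accept_connection(ip: str, zones: Iterable[str], resolve: Resolver) -> bool:
    """The decision the article describes: a listed source is refused before the
    SMTP handshake completes, so the message is never received at all."""
    return not listed_in(ip, zones, resolve)


def live_resolve(name: str) -> Optional[str]:
    """Real resolver using the system DNS (network access required)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


# Constructed, offline stand-in for DNS so the example runs without network:
# two addresses are "listed"; every other name is NXDOMAIN.
_FAKE_DNS = {
    dnsbl_query_name("192.0.2.10", "rbl.example.net"): "127.0.0.2",
    dnsbl_query_name("2001:db8::bad", "spam.example.org"): "127.0.0.2",
}


def fake_resolve(name: str) -> Optional[str]:
    return _FAKE_DNS.get(name)


if __name__ == "__main__":
    for src in ["192.0.2.10", "198.51.100.7", "2001:db8::bad"]:
        verdict = "accept" if accept_connection(src, EXAMPLE_ZONES, fake_resolve) else "reject"
        print(src, verdict, listed_in(src, EXAMPLE_ZONES, fake_resolve))
```

Two practical points follow from the code: the check is cheap because it is a single cached DNS query per zone, and it must run before the server sends its greeting so that a listed source costs nothing beyond the TCP connection.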
As stated by Spamhaus, one of the leading RBL database providers:
“We expect that unforeseen scalability issues can be addressed incrementally as they start to make themselves apparent. Current traffic in the nascent world of IPv6 email today is of little use to predict what will happen when people start "using it for real".”
Now that's before the email gets into the systems themselves. After that, a veritable and ever-changing barrage of form, header and content checks are done. Many are done against filters that are updated hourly. Anything that doesn't pass muster gets quarantined. Out of the 10 or 20 percent or so of emails that do get into the system, around 10 to 15 percent end up in quarantine.
Overall, legitimate emails account for a small minority of email traffic. Clearly email is still an effective vehicle for delivering badness of many kinds, whether it’s phishing scams or payloads for malware and/or botnets.
Putting this in perspective, corporates are sending lots of their main communications down information highways that look more like combat zones. But there are many signs of change.
In the health and medical field, secured, encrypted messaging is non-negotiable. Companies such as Argus Connecting Care provide essential point-to-point encrypted messaging for medical practitioners, specialists and hospitals.
Increasingly, government procurement portals provide ways in which businesses and non-profit organisations can submit tenders, reports, schedule events and activities and correspond. And, of course, there are a plethora of cloud-based groupware and project management systems such as Basecamp that provide complete end-to-end management, document handling and communications systems. Email is in many cases an optional function.
Perhaps what is noteworthy is that there are cultural changes in the way that we are communicating. There is now a generation of people moving into the workforce who were brought up on the Internet. Their primary form of communication is mobile and it’s social—and it’s one to one. Whereas you will receive email from anyone who has your email address whether you like it or not, with many forms of social media, you can choose who you want to talk to and how.
In the same way that smartphones are now used less and less for “traditional” phone calls, there's already clear evidence that email is falling out of favour with family and consumer users, which is where this young generation is coming from.
It’s interesting to reflect on the fact that email pre-dates the Internet as we know it and operated on hermetically sealed mainframe systems, where terminals were connected directly to it. In typical fashion, the innovators who integrated email into the Internet could scarcely have contemplated the explosion of its use by so many different quarters of the human population—or the dangers that would arise.
In typical fashion also, fixes, add-ons, extensions and myriad different technical adaptations of the original mail protocols have been applied to keep bad human behaviour and exploitation (and that's the heart of the problem really) at bay.
At the end of the day, it is a very hard job to keep emails clean and safe. I think we have to start questioning whether it’s viable or even worth the effort to keep breathing life into email.
This article is brought to you by Enex TestLab, content directors for CSO Australia.
Original Article appeared in CSO online in 2014