Ransomware is one of the biggest threats to business owners, both large and small. In most cases, ransomware can be prevented – yet it’s often not, due to a number of factors (which we’ll explore).
Writing for Business Advice, cyber security expert Robert Dale showcases three of the worst cyber fraud horror stories you’ve ever read, and what could’ve been done to prevent them.
Locky was ransomware released in 2016 that spread via email. It showed up in a user’s inbox as an invoice payment request, with an attached Word document. The Word document was infected with malicious macros, but simply opening the Word document didn’t infect the user’s computer. No, Locky required some serious user error to execute itself.
When the Word document was opened, it was full of a bunch of gibberish, and a single line that said: “Enable macro if data encoding is incorrect”.
“Well, since we’ve already downloaded strange Word documents from suspicious emails, why not follow the Word document’s instructions?” asked every subsequently infected user, as they proceeded to enable macros in Word. Honestly, sometimes I think you should need a license to operate a computer, or be within 5 feet of one.
In any case, enabling macros within the Word document converts the document into a binary file that downloads the actual trojan, which then encrypts the computer and demands a ransom (in the form of Bitcoin) to unlock it.
Now, you might think such a virus might only infect your grandma, who fell for that Nigerian Prince scam years ago. But no. Locky managed to infect hospitals, college campuses, and tons of small businesses.
How Locky could’ve been prevented: Well, not downloading attachments from strange emails would’ve been a start. Not following the instructions in a strangely encoded Word document would’ve been a great follow-up. Keeping your antivirus updated is also a smart idea – though you need a good antivirus from a reputable company that keeps its virus definitions updated. If you read this article, it makes a good case for Avira.
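Telling staff not to click “Enable macro” only goes so far; the stronger fix is to make sure the prompt never appears. The following PowerShell script is an added example (not from the article, and not vendor code) that enforces the Office macro policy through the Group Policy registry keys that Word, Excel and PowerPoint honour. It assumes Office 2016/2019/365, which store policy under the “16.0” registry version; adjust `$OfficeVersion` for other releases.

```powershell
# Added example: lock down Office macro handling for the current user via the
# policy registry keys Office reads. Assumes Office 2016/2019/365 ("16.0").
$OfficeVersion = '16.0'
$Apps = 'Word', 'Excel', 'PowerPoint'

foreach ($app in $Apps) {
    $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

    # 1 = block macros in files that carry the "downloaded from the Internet" mark,
    # which covers email attachments like the Locky invoice document.
    New-ItemProperty -Path $key -Name 'BlockContentExecutionFromInternet' `
        -Value 1 -PropertyType DWord -Force | Out-Null

    # VBAWarnings 4 = disable all macros without notification, so the user is never
    # offered an "Enable content" button. Use 3 instead if digitally signed macros
    # from trusted publishers must keep working in your environment.
    New-ItemProperty -Path $key -Name 'VBAWarnings' `
        -Value 4 -PropertyType DWord -Force | Out-Null
}

# Read the settings back so the change can be verified (and logged) after rollout.
foreach ($app in $Apps) {
    $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
    Get-ItemProperty -Path $key |
        Select-Object @{ n = 'App'; e = { $app } },
                      BlockContentExecutionFromInternet, VBAWarnings
}
```

For a whole company these same two values are normally pushed from a domain Group Policy rather than set per machine; the script is useful for a quick check on a single PC, or for confirming that the policy actually landed on a workstation that the GPO report says is compliant.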
WannaCry was a ransomware in 2017 that caused billions of dollars in damage globally. It’s a really long story that involves the NSA, Russia’s GRU intelligence agency, Microsoft, unknown Russian hackers, and somehow North Korea.
It was basically a real-life Tom Clancy novel, with some elements of Stephen King’s The Stand for good measure. Remember in The Stand how the world-population-destroying virus basically escaped a secret government lab? That’s the summary of what happened here.
The NSA had been compiling system exploits for a long time, basically coming up with all kinds of nasty system hacks. They created a penetration tool that targets Microsoft Windows, and codenamed it “EternalBlue”. They’ve been compiling these zero-day exploits for cyberwarfare because nowadays, you can pretty much cripple a country’s economy with a good virus. The NSA notified Microsoft, and Microsoft released a security update for Windows platforms, which, apparently, nobody installed.
Somewhere along the way, hackers known as the “Shadow Brokers” (this is where it starts to read like a Tom Clancy novel) stole a bunch of data, including a bunch of top-secret hacking tools, from the NSA, and leaked it online. Other “unknown” hackers, though the CIA is pointing fingers at the Russian military, used the leaked data to create a new ransomware called WannaCry, based on the NSA’s EternalBlue exploit.
WannaCry then made its way around the world. As a ransomware, WannaCry’s payload encrypted the MBR (Master Boot Record) of a computer, which basically locks the entire computer from booting up, while displaying a ransom message. Victims were instructed to wire money for their computers to be unlocked.
So while the world was being infected, security researcher Marcus Hutchins (who is actually pending trial on unrelated hacking and malware charges) discovered a ‘kill-switch’ in WannaCry, which he heroically shared with the world. And then a new version of WannaCry came out, with a new kill-switch method, which was also discovered, and then the final boss appeared, a version of WannaCry with no kill-switch at all.
A Scooby group of security researchers from several universities put their heads together and finally defeated WannaCry with encryption APIs, mathematics revolving around prime numbers, and sorcery. Though WannaCry still did around $4bn in damages before suffering defeat.
How WannaCry could’ve been prevented: As we said, WannaCry depended on the EternalBlue exploit “stolen” from the NSA, which was patched by Microsoft. So only companies that didn’t update their computers with the security patch were affected.
If WannaCry was a mean little ransomware on the block, maybe did some time behind bars for boosting cars and selling counterfeit cigarettes, NotPetya was like its evil child created with pure malice in its heart.
NotPetya was released a month after WannaCry, using the same EternalBlue exploit (the one developed by the NSA, remember?). First, it infected a Ukrainian power company, and then hopped over to Denmark and infected Maersk, the world’s largest shipping company. It then kept spreading from there, infecting everyone from airports to hospitals to government agencies.
The worst part is that even though NotPetya displayed itself as a ransomware, it did not list an authentic address for receiving ransom payments. So companies could not pay the ransom, even if they wanted, which led many to speculate that NotPetya was created simply to watch the world burn.
And the world did burn, to the tune of $10bn USD. NotPetya infected a ton of global companies, including a huge number of banks, oil companies, hospitals, FedEx, Maersk, infrastructure companies like power utilities (leaving many citizens without power), and many others.
Now, here’s how it could’ve been prevented: updating computers with the security patch released by Microsoft for EternalBlue. Yes, it all could’ve been prevented with a simple Windows security update. Billions of dollars in damages, because a bunch of global companies can’t be bothered to perform critical security updates. Even after they saw what happened with WannaCry.
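Both WannaCry and NotPetya came down to the same question: has this machine actually received the update? The following PowerShell script is an added example (not from the article) that answers it for one Windows host in two ways: how long it has been since any update was installed, and whether the legacy SMBv1 file-sharing protocol, which EternalBlue attacked (a detail the article doesn’t spell out), is still switched on. The 30-day threshold is an assumption; the KB number for a specific patch is left as a placeholder to be taken from the vendor advisory.

```powershell
# Added example: patch-currency and SMBv1 check for a single Windows host.
# Run in an elevated session. $MaxPatchAgeDays is an assumed threshold.
$MaxPatchAgeDays = 30

# Most recent hotfix that has a recorded install date (some entries have none).
$latest = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1

if (-not $latest) {
    Write-Warning 'No dated hotfix entries found; treat this host as unpatched until verified.'
} else {
    $age = (New-TimeSpan -Start $latest.InstalledOn -End (Get-Date)).Days
    "Latest update: $($latest.HotFixID) installed $($latest.InstalledOn.ToShortDateString()) ($age days ago)"
    if ($age -gt $MaxPatchAgeDays) {
        Write-Warning "Host has not received an update in $age days (limit is $MaxPatchAgeDays)."
    }
}

# Server-side SMBv1 status. Get-SmbServerConfiguration is available on
# Windows 8 / Server 2012 and later.
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    Write-Warning 'SMBv1 is enabled. Disable it with: Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force'
} else {
    'SMBv1 is disabled.'
}

# To confirm one specific update once you have its KB number from the advisory
# (placeholder, not a real identifier):
# Get-HotFix -Id 'KB<number-from-vendor-advisory>'
```

The patch-age check is deliberately crude: it says nothing about which updates are missing, only that the host has been silent for a while, which is exactly the condition that left companies exposed a month after the EternalBlue fix shipped. A proper inventory tool does the per-update comparison; this script is the sanity check you run when you don’t trust the inventory.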
I think that’s the real horror story here – our societies depend on companies that can’t install a 500MB security patch, which was made available for pretty much every Windows version available.
If you’re looking for further reading, I’d suggest this article on how to prevent phishing attacks.