Understanding Ransomware

Posted by Daniel Tannenbaum | Category Blog | Date 16 May 2017

There is currently a wave of cyber attacks affecting the global online community in the form of ‘ransomware’. This involves attackers gaining access to a user’s or company’s data, encrypting it, and then demanding payment in exchange for unlocking it.

The attack has impacted the NHS, Telefónica and FedEx, and Kaspersky Lab claims that there have been 74,000 official attacks across the UK, America, Asia, Europe and South America.

What is Ransomware?

Ransomware is a form of malware that encrypts a user’s data so they cannot access it. The person responsible then demands a ransom in the form of a monetary payment in order to remove the encryption and give them access again. For the NHS, this caused temporary mayhem as doctors and staff could not access medical records or contact details.

This most recent attack uses a piece of malicious software called “WanaCrypt0r 2.0”, or WannaCry, that exploits a vulnerability in Windows. Although Microsoft provided a software update to fix the problem in March, computers that have not installed that security update remain vulnerable.

What is the Ransom?

The ransomware demands that those affected pay $300 in order to remove the encryption. But surely, to find the culprit, you can just track the bank account that receives the payment? Sadly no: the payments are made in Bitcoin, whose blockchain ledger records only wallet addresses rather than the identity of whoever made the transaction.

The hackers have said that the ransom sum will be raised at some point. The ransom note has been translated into 28 languages, highlighting the scale of the attack. Despite the worldwide impact, The Guardian states that only $22,000 has been made by the hackers so far, which raises the question of whether it was worth the effort.

Whilst the NHS was hit, the damage was rectified by the National Cyber Security Centre and NHS Digital staff. Prime Minister Theresa May claimed that this was not an individual attack on the NHS but rather an ‘international attack’ and that, in pure fashion, the NHS remains strong and stable, with no patient data being compromised during the incident.

How a 22 Year Old Techie Saved The Day

Marcus Hutchins from South-West England, who works for an American intelligence company, Kryptos Logic, heard about the attacks and started to research them. He found the sample of malware behind the issue and noticed that it made a request to one specific domain (think of something like xyz.com). He saw that this domain was not registered at GoDaddy or 123Reg, so he bought it for just $10.69.


He explained:

The kill switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading. The domain cost $10.69 and was immediately registering thousands of connections every second.

Source: The Telegraph

By purchasing the domain and changing the code, he was able to stop the attack from the comfort of his bedroom in his parents’ house. He has since been working with the National Cyber Security Centre and has, unsurprisingly, received a lot of new job offers!
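The same kill-switch behaviour described above can be turned around for detection: every machine running the malware looks up that domain before deciding whether to spread, so an internal DNS resolver log of those lookups is a list of infected hosts. The following is an added example (not code from the article, from Marcus Hutchins or from Kryptos Logic); the log line format, the placeholder domain name and the length/entropy thresholds for a “long nonsensical” name are assumptions, and the log lines are constructed.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed resolver log lines (sample data, not from the article). Assumed
# line format: "<timestamp> client=<ip> query=<hostname> type=<rrtype>"
SAMPLE_LOG = """\
2017-05-12T10:01:03Z client=10.0.4.17 query=www.example.org type=A
2017-05-12T10:01:04Z client=10.0.4.17 query=killswitch-placeholder.example type=A
2017-05-12T10:01:05Z client=10.0.4.23 query=mail.example.org type=MX
2017-05-12T10:01:06Z client=10.0.4.23 query=killswitch-placeholder.example type=A
2017-05-12T10:01:07Z client=10.0.4.17 query=killswitch-placeholder.example type=A
2017-05-12T10:01:08Z client=10.0.4.40 query=sdkjhfqwoeruyzxcvmnbpoiulkjahsgdfe.example type=A
"""

# Placeholder: the real kill-switch domain is not given in the article.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

LINE_RE = re.compile(r"client=(?P<ip>\S+)\s+query=(?P<name>\S+)")


def shannon_entropy(label):
    """Bits per character of the label; random-looking strings score high."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_nonsensical(name, min_len=30, min_entropy=3.5):
    """Heuristic for a 'very long nonsensical' leftmost label (thresholds assumed)."""
    label = name.split(".")[0]
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy


def triage_dns_log(log_text, kill_switch=KILL_SWITCH_DOMAIN):
    """Return ({infected_ip: lookup_count}, {ip: [other suspicious names]})."""
    hits = Counter()
    suspicious = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ip, name = m.group("ip"), m.group("name").rstrip(".").lower()
        if name == kill_switch:
            hits[ip] += 1  # the malware ran here: it checked the kill switch
        elif looks_nonsensical(name):
            suspicious[ip].add(name)  # candidate for analyst review
    return dict(hits), {ip: sorted(names) for ip, names in suspicious.items()}


if __name__ == "__main__":
    print(triage_dns_log(SAMPLE_LOG))
```

Hosts in the first dictionary should be isolated and checked first; the second is only a heuristic and will need an analyst to confirm.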

What You Can Do To Keep Your Data Safe

As Individual Users

Use common sense: Do not trust suspicious links in emails or pop-ups on your computer claiming to be from the FBI or offering support against cyber attacks – you could be playing right into the attackers’ hands.

Change passwords: There is no harm in changing the passwords for your email address, Facebook and phone. It is sensible to make sure that the passwords you use are different for each service rather than the same one reused across the board.

Get some security: Installing McAfee Secure or other anti-malware protection for your computer can be helpful. If you run Windows XP, you are likely to be at greater risk, so you should consider this very strongly.

As A Company

Back up: You need to protect your website and emails. Speak to your hosting provider about how much backup history you have (it should be at least 7 days). That way, if you suffer a cyber attack, you can avoid losing valuable data and be up and running again in no time.

Cyber insurance: Protect your private data from data breaches and external hackers with an insurance policy starting from just £100 per year, depending on the size of your company. Your insurance will pay for technical help to repair your computer systems and replace any lost data. The cover can also contribute towards any legal action from customers who have been affected and towards any PR you need to repair your brand image.

Educate your staff: All it takes is one member of staff clicking on a bad link in an email to bring down your entire network. Make sure that you educate your team so they know what to look out for and avoid; once everyone is on the same wavelength, you can save yourself from a potential cyber attack.