If you’ve seen the news recently, you’ve almost definitely seen people talking about a widespread digital attack on hospitals around the UK, in many cases preventing staff from helping patients, and causing some major problems for those affected. With a lot of confusion about how everything happened, we’re exploring what happened, and taking a look into ways in which you can minimize the threat that ransomware poses to you.
What is Ransomware?
Firstly, some background. Ransomware is an increasingly well-known form of malware, designed by malicious programmers, and typically used as a way to extort money. Essentially, ransomware typically locks down files on the affected computer, demanding that a ransom be paid to the creators or a separate party before the files are unlocked.
Ransomware dates back decades, with early examples being found as far back as the late 80s. However, there’s a few reasons for its recent surge in ‘popularity’, as it were. Firstly, people and organisations are more dependent than ever on the proper functioning of their computers, with data outages costing companies vast sums of money and presenting a major inconvenience for individuals.
Secondly, ransomware creators can now be far more assured of their safety and anonymity than ever before. As you might expect if you’ve seen any crime dramas, receiving a ransom without getting caught or tracked down presents a particularly difficult task. However, in recent years, the emergence of cryptocurrencies has given cybercriminals a new level of safety.
Essentially, these currencies are designed to allow for anonymous transactions, which means that the ransomers are often practically impossible to track down – hence the huge rise in ransomware breakouts in the last few years.
Recent Ransomware Releases
There’s quite a few misconceptions flying around when it comes to the recent infections. Describing the events as an ‘attack’ is something of a misnomer – there’s no evidence that the NHS has been intentionally attacked, with the ransomware that’s been affecting hospitals apparently being an off-the-shelf program rather than the custom design you’d expect, with a far lower ransom per hospital than you’d expect from a direct attack.
It seems that the most likely course of events is the following: a computer in one hospital or another contracted the ransomware, which spread itself behind the scenes through the NHS network, before recently breaking out and causing widespread disruption just the other day – the delay likely being designed in order to get past some backup systems, maximising the chance of someone actually paying the ransom. In some cases of infection, the malware won’t have activated, due to the program not being proxy-aware.
Coincidentally, the authors of the ransomware made one major error – they forgot to register a domain they’d connected to the program. Due to this, when security researcher MalwareTech registered the domain, the ransomware deactivated, and should have restored files across all infected systems. Again, given the way some press outfits have reported this, it’s very much worth checking out MalwareTech’s writeup of the events.
Since Monday, a new version of the ransomware’s been spotted in the wild, with no ‘kill switch’ functioning. As such, you’ll need to patch up your systems if you haven’t done this already - in some cases, disabling SMB (Server Message Block) may be a good idea, preventing the ransomware spreading further.
It’s also worth being aware that the initial deactivation was particularly lucky - it’s quite likely that, in the future, you’ll see ransomware strains designed to intensify if unregistered websites connected to them are registered - possibly wiping affected computers or increasing the required ransom. As such, it’s important to know how best to avoid infection.
Avoiding Ransomware at home and work
If you’ve been infected by ransomware, it’s worth checking out the NoMoreRansom project - a site designed to share solutions for certain types of ransomware, including several major strains.
While it’s not necessarily possible to be completely secure from ransomware (and other malware) attacks, there’s a few best practices that can help significantly cut down the risk of infection:
Stay patched up: Many ransomware infections take advantage of bugs in software that end up being patched out – by staying up to date with your patches, you can close a lot of vulnerabilities.
Avoid fake emails: A lot of malware, particularly targeted attacks, is spread through email – a message may pretend to be legitimate, while containing malware in an attachment. Here’s some quick pointers for recognising fake mail from TechRepublic.
Use effective backups: While this recent ransomware outbreak’s been designed to defeat basic backup systems by lying dormant for a couple of weeks, having a long-term series of backups can be a major advantage for those affected by ransomware, letting you recover most important files and restore your system.
Keep up to date: Knowing about the latest trends and developments in security and ransomware can be particularly helpful - while there’s a lot of blogs around, we’ve linked a couple of major figures who cover a lot of major topics - security journalist Brian Krebs and Google vulnerability researcher Tavis Ormandy.