Cyberattacks can often seem difficult to envision; like they happen entirely behind the scenes with invisible ones and zeroes to no real consequence. But anyone on their way to A&E on 12 May 2017 soon learned that cyberattacks can have very real consequences. The same day, the NHS was forced in some cases to turn away patients due to systems disruption as a result of a ransomware attack. WannaCry, had made its way through critical healthcare systems, locking files and preventing health workers from admitting and treating the sick and injured. Ambulances were re-routed and a low panic had the attention of the nation and across many countries of the world. For many, it was the first encounter with the scourge of cybercrime known as ransomware.
It may seem a strange coincidence that ransomware first emerged in 1989 targeting the healthcare sector. At the time, it was propagated by Joseph Popp, PhD, who was researching the AIDS virus and apparently keen to “encourage” others into donating towards the cause. He did so by distributing some 20,000 floppy disks around the world that included a questionnaire which promised to reveal one’s likelihood for contracting the virus. Unbeknownst to those installing the program, it set a counter so that after the user powered on the computer 90 times, it would lock all files and direct them to send hundreds of dollars to a P.O. Box in exchange for a code releasing the files. Thus, out of an almost benevolence was ransomware born.
The problem today is that ransomware is becoming easier than ever to spread thanks to both thriving underground markets for the software itself as well as the many different systems and versions of those systems people use around the world. Earlier this year, Verdict reported a 200% increase in ransomware attacks in the UK. The numbers are shocking but indicative of the kind of low-cost, high-reward venture this kind of cyberattack entails. In fact, because of challenges with ultimately identifying individual perpetrators, there is almost nothing but upside for those whom use ransomware tools. What’s more, officials are still unsure about what to do with ransomware. Some argue that paying the ransom further fuels criminal activity and proves the case that it works, while others see the importance of more immediate access to critical systems, rendering payment in exchange for reduced pain.
The good news is that there are easy steps that both organisations and citizens can take to strengthen their defenses against ransomware. First and foremost is to ensure all information, or at least that which is most critical to normal business operations, is regularly backed up, kept in different locations and restored to validate that your backups do actually work. Second, it is essential that both companies and individuals regularly update software. For large organisations, this can be a challenge.
Here is where cyber threat intelligence can lend a hand. Having analysis at the ready can identify and prioritize patches to ensure the most critical vulnerabilities are managed. For individuals, this is even easier and usually comes down to accepting updates as soon as they come in. Yes, it can be annoying to restart the computer and wait for a 20-minute update, but it could be far worse. Alos, knowing what the strain of Ransomware is as it arrives into your organisation will enable quicker validation and remediation.
Ransomware is a great equalizer in cybersecurity. Where some problems may be confined to larger companies with more valuable caches of information, ransomware can take a more decentralized approach. It can lock down major organisations hoping for windfall paydays or it can spread throughout individual users looking to scoop up a few hundred here or a few hundred there. Paying ransom is inadvisable, but no one wants to ever find themselves having to choose between making a payment or losing cherished photos or crucial documents. In this case, a penny of prevention is worth far more than a pound of cure.