Thursday, June 1, 2017

“Ransomware”: Technology Hazard or not?

By Tim Bartos
For those who have been watching the news lately, the propagation of a piece of malware called “WannaCry” has prompted a wake-up call from technology experts and governments alike. This malware, a type known as ‘ransomware’, spread rapidly across the world in mid-May, affecting FedEx, the United Kingdom National Health Service, Renault, and many countries across the globe. However, for those ‘out of the loop’, here’s the story behind what ‘ransomware’ is.
What is ‘Ransomware’, Anyways?
Ransomware is a type of malware, or ‘malicious software’. Existing since the rise of Microsoft operating systems in the early 1990s, malware is usually separated into two categories, viruses and ‘Trojans’, which usually describe its method of ‘entering’ a user’s system. Some types of malware can exploit two or even more methods of transmission.
Viruses, like their biological counterparts, are spread through infected files or programs from computer to computer, such as email attachments or downloaded files. Viruses tend to thrive off of multiplying themselves and their code across many files within a user’s system, essentially opening the door for more spreading, like a real-life infection.
“Trojans”, in reference to the ancient Greek story of the Trojan horse, are files designed to mislead the user into installing or executing them. Once run, the malicious code lets the creator of the malware make any form of malicious alteration. Most commonly, a ‘backdoor’ is installed, so that an outside user can manipulate files within the computer in order to find important information to steal.
While ‘ransomware’ is traditionally not a category of its own, ransomware can exist in both of these categories, and can be transmitted in a similar fashion. However, the outcome of a ransomware infection is what makes it unique. After infecting a user’s system, all of the user’s files are encrypted, or modified such that they can only be read with a certain code, or ‘key’. The user will typically see a message which notifies them that their files have been encrypted, and which usually demands a monetary sum in return for the ‘key’ to unlock their files.
The history of ‘ransomware’ is fairly new, and ‘WannaCry’ is a new contender. The first major malware attack was that of ‘CryptoLocker’, a ransomware which utilized Bitcoin transactions to allow for easy, untraceable money exchanges. Before the existence of Bitcoin, cash transactions were easy to trace. However, in an internet like ours, this is no longer the case, and ransomware can earn millions of dollars without any consequence.
What makes ‘WannaCry’ so Bad?
Computer viruses and malware have existed for decades, and most often exploit vulnerabilities in computer systems. As computer systems advance, changes in the form of ‘patches’ remove known vulnerabilities. This is why malware from the 1990s cannot harm us today—we have removed its method of propagation. Additionally, many computer security companies work around the clock to find and fix loopholes before the average consumer is exposed to any excessive danger.
However, this does not mean that all computers are protected. Large computer networks, especially those in business settings, are expensive to update and ‘patch’. For this reason, many consumer services like checkouts at the grocery store still run on older versions of operating systems, like Windows XP or Windows 98. As these systems age, the chance that old vulnerabilities are exploited increases exponentially. This is the reason many regular consumers don’t need to worry about “WannaCry” and its demand of 300 dollars—your system is likely up-to-date and well beyond the vulnerabilities of older systems affected by this malware.
Help! I got ‘WannaCry’!
If you are affected by ransomware, it’s important to stay calm. While it may seem like the only option, paying the sum of money demanded to decrypt your computer is not a guarantee. Even if your computer is decrypted by a code given to the malware, there is also no guarantee that the software will be removed at all. In fact, several ransomware programs continue to operate in the background on computers whose owners have paid, since payment signifies that the user is vulnerable to malware threats, and steal more information without the user even knowing. These targeted individuals are almost always the ‘technologically unproficient’ in our society.
However, there is a solution. Several ransomware viruses have been documented, and security agencies have created software that can simply decrypt the system, albeit over several days. Additionally, new technologies can detect ransomware’s encryption before it can complete, allowing an analysis of the malware, and ultimately, a faster solution.
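One way the in-progress detection mentioned above can work, shown as an added example that is not part of the original article. The article does not say which technique these tools use; the entropy heuristic, the thresholds, and the file names and sample data below are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter, deque

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: roughly 4-5 for English text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def pseudo_ciphertext(seed: str, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted content: a deterministic SHA-256 byte stream."""
    out, counter = b"", 0
    while len(out) < size:
        out += hashlib.sha256(f"{seed}:{counter}".encode()).digest()
        counter += 1
    return out[:size]

def first_alert(events, threshold=7.5, window=10.0, min_files=3):
    """Return the time at which `min_files` distinct files have received
    high-entropy writes within `window` seconds, or None if that never happens.
    A single high-entropy file is not enough: photos and archives look random too."""
    recent = deque()  # (timestamp, path) of recent high-entropy writes
    for ts, path, data in events:
        if shannon_entropy(data) < threshold:
            continue
        recent.append((ts, path))
        while recent and ts - recent[0][0] > window:
            recent.popleft()
        if len({p for _, p in recent}) >= min_files:
            return ts
    return None

TEXT = b"Quarterly report: sales rose in every region this year. " * 40
# Constructed write events: (seconds, path, bytes written)
NORMAL = [(0.0, "notes.txt", TEXT),
          (30.0, "photo.jpg", pseudo_ciphertext("jpg")),
          (90.0, "report.txt", TEXT)]
# The same activity followed by five documents rewritten with random-looking data
BURST = NORMAL + [(100.0 + i, f"doc{i}.docx", pseudo_ciphertext(f"doc{i}"))
                  for i in range(5)]

if __name__ == "__main__":
    print("normal activity alert:", first_alert(NORMAL))
    print("burst alert at:", first_alert(BURST))
```

The alert fires on the third rewritten document, which is the point at which a tool could halt the process and leave the remaining files untouched.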
Otherwise, the simplest solution is always to exercise caution when sharing and downloading files on the internet. The only way for malware to spread is through vulnerable computers—checking the legitimacy of every file we receive from the internet and of the programs we install limits the chances that a computer virus slips under our radar. To be extra safe, keep your security programs and operating system up-to-date to be less vulnerable to existing exploits.
If you’re looking to learn more about the WannaCry ransomware, I recommend this timeline of stories regarding the malware by The Verge: https://www.theverge.com/2017/5/14/15638026/wannacry-ransomware-updates-cyberattack-cybersecurity
If you wish to learn about ransomware in general, you should check out the Microsoft Malware Protection Center. Microsoft is one of the biggest targets of malware—and they’ve got a lot of resources to learn from. You can access the article on ransomware as well as find other articles at https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx.
Image Citation

WannaCry Virus Notification. Digital image. The Verge. The Verge, 14 May 2017. Web. 24 May 2017. <https://www.theverge.com/2017/5/14/15637888/authorities-wannacry-ransomware-attack-spread-150-countries>.
