
Thycotic’s CyberSecurity Publication


Oops! Your files have been encrypted! How to avoid that dreaded Ransomware Message

May 17th, 2017



Even People Who Know Better Fall Prey to Cyber Attacks.

After all, it wasn’t a bunch of Facebook junkies or six-year-olds who clicked on the e-mail links that launched WannaCry (also known as WannaDecryptor) ransomware attacks that infected computers in as many as 150 countries.

Instead, professionals in the workplaces of the world were caught off guard, giving life to worms that crawled the networks of hospitals in Great Britain, Russia’s Interior Ministry, a university computer lab in Italy, France’s car maker Renault, and Portugal’s Telecom, among many, many others, and locked them down until Bitcoin was exchanged for decryption keys, Windows patches were installed, or a fix was found.

Changing User Behavior will not Solve this Problem

Workers were not the root of this problem and changing their behavior is not the solution. After all, out of the many, many workers who got the malicious e-mails, only a few had to click on the links to cause the spread of malware among hundreds of thousands of endpoints.

The antidote to the problem lies in tools that enforce least privilege policy.

The hackers, in this case, probably used a spray-and-pray approach, not necessarily going after anyone in particular. Once a user clicked on the malicious link, WannaDecryptor encrypted user files using AES and RSA encryption ciphers, enabling the attackers to precisely decrypt system files via a unique decryption key. Victims were then sent alerts like the Please Read Me!.txt file, which provided a way to contact the cyber criminal.

In last week’s attack, some victims were made aware of the hack when the wallpaper on their computer abruptly changed, asking them to download a decryptor from Dropbox. The decryptor then demanded hundreds in Bitcoin to be activated.

Ransomware message: your files have been encrypted

Victims of ransomware attacks get to see this instead of their valuable files.

And while some of those affected in places like Russia’s interior ministry, Spain’s utility provider Gas Natural, and even customers of a railway ticket machine in Germany were terribly inconvenienced, the attack on the National Health Service (NHS) in England and Scotland caused the cancellation of operations, like heart surgery, because patient records could not be accessed.

Temporary Relief is Not a Solution

CEOs and CIOs worldwide breathed a sigh of relief when Microsoft stepped up and issued a patch (MS17-010) right after the attack, given that the affected computers were running outdated software like Windows XP or Windows Server 2003, which the company is no longer obligated to support. Still more respite was found Saturday when a British malware researcher, who wishes to be identified only by the name MalwareTech, further slowed the attack by registering a domain name he discovered in the ransomware’s code.

Even so, shortly afterwards two variants appeared and there’s little question that there are still more to come. Criminals aren’t likely to stop creating ransomware anytime soon.

Privileged Account Management Keeps Ransomware Out

That being said, there are things that can be done for prevention, detection and risk mitigation. Consider software like Thycotic’s Privilege Manager for Windows and Mac. It takes away local admin rights and blocks installation unless the “application” is whitelisted, which WannaCry or WannaDecryptor would not be.

Want to know more? Find great free security tools here and get started with a free enterprise password management trial today.



Damon Tompkins

Responsible for leading a world-class sales organization in the Americas, Damon brings more than 20 years of experience in building and leading high performance sales teams in the enterprise software industry. Prior to joining Thycotic, Damon served as Senior Vice President of Corporate Development for Metalogix Software where he helped create and execute its overall go-to-market strategy as well as the integration of MetaVis Technologies (acquired in 2015) where he was the Vice President of Worldwide Sales & Marketing. He has also held senior sales management positions at Apptio, NetIQ, PentaSafe (acquired by NetIQ) and Idera Software (acquired by Metalogix & TA Associates).
