The Lockdown

Thycotic’s Cyber Security Blog

Oops! Your files have been encrypted! How to avoid that dreaded Ransomware Message

Written by Damon Tompkins

May 17th, 2017

Even People Who Know Better Fall Prey to Cyber Attacks.

After all, it wasn’t a bunch of Facebook junkies or six-year-olds who clicked on the e-mail links that launched WannaCry (also known as WannaDecryptor) ransomware attacks that infected computers in as many as 150 countries.

Instead, professionals in the workplaces of the world were caught off guard, giving life to worms that crawled the networks of hospitals in Great Britain, Russia’s Interior Ministry, a university computer lab in Italy, France’s car maker Renault, and Portugal’s Telecom, among many, many others, and locked them down until Bitcoin was exchanged for decryption keys, Windows patches were installed, or a fix was found.

Changing User Behavior will not Solve this Problem

Workers were not the root of this problem and changing their behavior is not the solution. After all, out of the many, many workers who got the malicious e-mails, only a few had to click on the links to cause the spread of malware among hundreds of thousands of endpoints.

The antidote to the problem lies in tools that enforce least privilege policy.

The hackers, in this case, probably used a spray-and-pray approach, not necessarily going after anyone in particular. Once a user clicked on the malicious link, Wanna Decryptor encrypted user files using AES and RSA encryption ciphers, enabling the attackers to precisely decrypt system files via a unique decryption key. Victims were then sent alerts like the Please Read Me!.txt file, which provided a way to contact the cyber criminal.

In the Wanna Decryptor attack, some victims were made aware of the hack when the wallpaper on their computer abruptly changed asking the victim to download a decryptor from Dropbox. The decryptor then demanded hundreds in Bitcoin to be activated.

Ransomware message: your files have been encrypted

Victims of ransomware attacks get to see this instead of their valuable files.


And while some of those affected in places like Russia’s interior ministry, Spain’s utility provider Gas Natural, and even customers of a railway ticket machine in Germany were terribly inconvenienced, the attack on the National Health Service (NHS) in England and Scotland caused the cancellation of operations, like heart surgery, because patient records could not be accessed.

Temporary Relief is Not a Solution

CEOs and CIOs worldwide breathed a sigh of relief when Microsoft stepped up and issued a patch (MS17-010) right after the attack, given that the affected computers were running outdated software like Windows XP or Windows Server 2003, which the company is no longer obligated to support. Still more respite was found Saturday when a British malware researcher, who wishes to be identified only by the name MalwareTech, further slowed the attack by registering a domain name he discovered in the ransomware’s code.

Even so, shortly afterward two variants appeared and there’s little question that there are still more to come. Criminals aren’t likely to stop creating ransomware anytime soon.

Privileged Account Management Keeps Ransomware Out

That being said, there are things that can be done for prevention, detection, and risk mitigation. Consider software like Thycotic’s Privilege Manager. It takes away local admin rights and blocks installation unless the “application” is allowed, which WannaCry or WannaDecryptor would not be.
