Don’t Touch That Dial: Local Techs Offer Ransomware Protection

Matthew Perry has some simple advice to help protect yourself from ransomware attacks like the Petya virus that shut down thousands of computer systems all over the world in June.

Don’t click stuff.

“At the end of the day, security comes down to the person with their hand on the mouse,” said Perry, a network administrator and information security officer for the Masters Law Firm in Charleston.

On June 27, a global cyber attack via a ransomware virus called Petya swept through computer systems all over the globe. Before it was over, Petya had shut down the Ukrainian power grid, affected the Danish shipping giant Maersk, wreaked havoc on the British advertising firm WPP and attacked pharmaceutical giant Merck.

Closer to home, the virus attacked Princeton Community Hospital, forcing hospital officials to rebuild their entire computer network.

Bill Gardner, an assistant professor at Marshall University who teaches courses in digital forensics and computer security, said the Petya virus is similar to an earlier ransomware virus called WannaCry, which also shut down computer systems all over the globe. The viruses exploit back-door computer access originally created by the NSA that was stolen by computer hackers.

Gardner said a hacker group known as the Shadow Brokers began sharing the stolen hacking tools in the summer of 2016. “They were originally used by organized gangs to get money out of people,” Gardner said.

Ransomware works by taking over a computer and locking up all the data stored on it. The hackers then demand a ransom — usually in Bitcoin — to give the data back. WannaCry and Petya were designed to replicate themselves and spread over entire computer networks.

“They’re dangerous because you might lose your data and never get it back,” Gardner said. “If you’re Coke and you lose the secret formula for Coke and never get it back, you can’t make Coke and you’re out of business.”

But Gardner said, “Even if you pay the ransom, there’s no guarantee you’ll get your data back. They can take your money and run.”

Perry said there are steps that business owners and individuals can take to minimize the danger of a ransomware attack.

He said Petya affected PCs run with Microsoft software, and Microsoft quickly developed patches to protect its systems from the new threat. Perry said computer users should apply the patches and regularly update their computers.

Users also should back up their data and their computer networks, and make sure the backups actually work.

Perry said technicians at businesses sometimes are reluctant to update and back up their computer systems because doing so can be time-consuming and require taking the entire system down. Many technicians at large businesses put off updating and backing up their systems until they absolutely have to.

Perry said hospitals are particularly vulnerable because they typically have highly specialized software. Updates and backups to a hospital’s computer system may cause software somewhere else within the network to not work properly.

But Perry said one of the most basic things employees or individuals can do to keep from getting ransomware or other viruses is to pay attention to what they’re clicking.

Computer viruses often are spread through email attachments, so he suggests users not click on any attachment that looks suspicious.

“If you don’t have a package coming from FedEx, why would you need to open an email from FedEx?” Perry asked. He warned users to be leery of emails that come from people they don’t know or from people they know but with text that doesn’t make sense.

Weird email addresses, oddly-worded emails, bad spelling or grammar could all be clues that something isn’t right.

“If an email only has a link, don’t click it,” Perry said. He also advised against clicking any attachment with .zip or .html at the end.

Because computer technicians quickly shut down the mechanism for Petya to collect ransom money, many computer experts around the globe suspect the virus wasn’t really set up to make money. Many, including Gardner, suspect it was the work of a foreign government doing a dry-run for a future cyber attack.

“There appears to be some kind of nation-state behind this,” Gardner said. Despite the fact that Petya also attacked some Russian computer networks, he suspects Russia is behind the ransomware outbreak.

“Who else would be targeting the Ukrainian power system?” he asked.

Original Source: https://www.theet.com/statejournal/don-t-touch-that-dial-local-techs-offer-ransonware-protection/article_d877ebc1-f839-5d09-a512-2dce7036794f.html

Original Date: July 31 2017

Original Author: Rusty Marks