Ben Franklin | 29 Jun 2017

The disruptions caused by Wannacry and Petya during May and June were further evidence of the sophisticated threat posed by cyber attackers.

Unfortunately, some of our own clients (using our shared hosting environment) were affected. This article covers what ransomware is and how it differs from other threats to uptime like Distributed Denial of Service (DDoS). It also talks about how you can protect your own websites.

What is Ransomware? 

Ransomware is motivated by an attempt to extort money. To do this, hackers create viruses which block the use of computers until a ‘ransom’ is paid. This is different to DDoS attacks and attempts to hack into secure data, which are more about wreaking as much havoc as possible.

Should you pay? Some companies do. For example, South Korean hosting company Nayana paid over $1m. The official advice seems to be: don’t pay. This seems logical, especially when you factor in that, unlike a ransom situation involving a hostage, there’s no physical exchange. Who’s to say that if you pay they won’t hit you again? You’re going on trust, and given these people set out to cause harm in the first place, that seems silly.

What are the ones to look out for?

Ransomware isn’t anything new, but the scale seems to be increasing. Wannacry, for example, affected over 300,000 computer systems in 150 countries.

One thing to factor in is that, unlike DDoS and data-hackers, you tend to see a build-up over time. Wannacry has actually been in circulation since the end of 2016 but only really reached the national news agenda in June 2017.

The Petya attack in late June seems to be less contagious. Like Wannacry, it attempts to spread within Microsoft networks, but luckily it doesn’t seem to be able to break out into external networks (Wannacry has an ability to jump from network to network). It has potentially been over-dramatised by news agencies in the wake of the Wannacry attack. There has been some infiltration into UK businesses, but Petya has predominantly affected companies in the Ukraine.

How can you protect yourself?

The lesson we learned was that legacy technology, no matter how small a percentage it is of your overall technical estate, can cause problems. 

Most digital agencies now use off-the-shelf software products to build websites and applications. The vendors of these products have teams of people checking for system vulnerabilities who provide security patches, often before malware becomes widely distributed.

In truth, we were a little lax with some of our clients when it came to upgrading systems. This was partly because some of our clients had old systems, reaching the end of their natural lives, sitting on our servers. Getting a business case together to upgrade them was not easy, and there was understandable pushback when it came to dramatically increasing costs to move them onto isolated hosting environments. In future we’re going to have to be tougher.

Aside from this, ensuring you have back-ups in place, separate to your main solution, is always advisable. This means that if you are hit you have something to revert to. One Hospital Trust in the USA paid the ransom because the value of the lost work which couldn’t be retrieved was more than the ransom being demanded. Good business on the one hand, but on the other, if they had had back-ups in place they could have saved themselves a lot of money.

What about hosting?

The other thing you can do is to invest in a more robust hosting infrastructure in the first place. One web server and one database is always vulnerable to downtime, whether from malware, DDoS or a hacker looking for juicy data. A fully load-balanced environment with failover would protect you from most malware attacks… providing it is secure. You can read more about that in my last blog, "In search of 100% uptime".