I had an epiphany this morning. I was on the train into Philly, and was reading a whitepaper on TDOS attacks and mitigation. In a rare moment of insight, the stars aligned inside my skull and I understood just how frightening the new dialing features of Amazon Alexa and Google Home could potentially be. Any time a new technology comes out, people flock to it like ducks to a… thing that ducks like. I’m fresh out of metaphors, sorry. What we tend to forget is that new technologies are a new challenge to hackers, to be used for ill-gotten gains. I was blabbering on at the dinner table, as Pooky’s eyes got glassier and glassier. At one point I believe she may have fallen asleep, hearing only the mwa waa wa mwaa sound of Charlie Brown’s teacher. So out of necessity, I’m here to explain some of the creepier aspects of technology. Today’s topic is Ransomware.
Next week, I present my Master’s thesis on Cryptovirology. If all goes well, I’ll add some letters to my name, and regain my evenings and weekends for unlimited leisure time. I’m currently ABD – an acronym that means I’ve completed all my Master’s-level coursework, but haven’t given my dissertation yet. Quite literally, it means All But Dissertation. If you haven’t had your head in the sand over the last few years, you’ve probably heard about Ransomware. It’s the boogeyman that hides under our beds, jumping out to steal our digital vacation pics and lock them up. Here’s a Geek Guide to Ransomware.
Ransomware is a newer type of virus that affects the Availability of your stuff. That’s a fancy way of saying, it prevents you from getting at, or using, your stuff. Ransomware typically gets on your system when you click on a URL link, and it directs you to an infected web page, which runs some code and pushes the virus onto your computer – the classic Drive By Download approach to getting a virus. Once the virus gets onto your machine, it prevents you from accessing something, and demands a ransom. There are two types of Ransomware – the locker (which locks your computer, demanding a ransom to unlock it), and the crypto ransomware. Crypto Ransomware is the newest threat. It encrypts your files, deletes the original files, and then pops up a nasty message.
Typically, the message will tell you that your stuff is being held for ransom (hence the term RANSOMware). If you want your stuff back, you have to pay them some money – typically in the form of Bitcoin, a type of online currency. The Ransomware popup messages are usually very creative, using fear tactics to get you to pay up. No, it’s not REALLY the FBI or CIA who is demanding payment, it’s just a crafty hacker.
Ransomware has been running rampant across the world over the past year. Different types of Ransomware have grown from just a handful in 2013, to several hundred in 2016. 2017 is quite possibly the year of Ransomware, with the latest strain (WannaCry) pounding computer systems across the globe. Ransomware is really a bad guy’s dream. It’s easy to seed – you just dump it on some websites, then trick people into hitting that site. Once infected, users have two choices – kiss their goodies goodbye, or pay up. And if you pay up, there is no guarantee that the nasty hacker will actually give your goodies back.
Ransomware was invented back in 1989, when a gentleman handed out floppy disks at an AIDS conference that had a virus on them. The virus, when executed, attacked the victim’s computer and renamed files. To put things back, it demanded that the victim donate money to AIDS research. The strategy and technology were incredibly basic, and easy to thwart. It used a Symmetric key, meaning all you needed to put things back was a single password (key). In 1996, the team of Young and Yung wrote an excellent paper about cryptovirology – that is, utilizing cryptology as an offensive weapon in a virus. They determined that the peanut butter and jelly of viruses would utilize more complex keys (Asymmetric keys), along with an untraceable currency (Bitcoin). It took a few years for creative virus writers to take note – but soon enough, modern Ransomware followed their advice, and the rest is history.
A Note on Keys
I’ve used two terms here that are worth discussing. Symmetric keys are a simple way to encrypt, or lock up, files. This is also called shared key technology, because a single key is used to lock up stuff. That same single key is then used to unlock stuff. Because there is only one key, it’s typically shared with the sender and the receiver. Otherwise, the receiver couldn’t unlock the stuff. And as a result, it’s easier to guess the key and unlock the stuff. If I wanted to send you a secret message, and used a symmetric key on it, I’d have to share the key with you so you could unlock the message and read it.
Asymmetric keys are different. In this case, there are two keys – a private key (that only the owner knows) and a public key (that everyone knows). If I want to share a secret message with you, you would give me your public key. I’d lock up the message with that key, in a one-way process. I could not unlock it, once I did this. The only way to unlock the message would be by using the private key, which only you know, and won’t share with anyone. This type of encryption is the foundation of modern cryptology. You’ll see this technology a lot with email encryption, such as PGP. If I want to keep my goodies secret from prying eyes, I’ll give everyone who I want to communicate with my PUBLIC KEY. They can then send me messages that are locked up with that key. To unlock the message, I use my PRIVATE KEY. Bada bing – my stuff is secure (assuming no one gets my private key). Ok, enough on keys and encryption.
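Here is the secret-message exchange from the paragraph above as a small Python sketch, added as an illustration and not part of the original post. It uses textbook RSA with two tiny constructed primes (61 and 53), and the function names are made up for the example.

```python
# Added illustration: textbook RSA with tiny constructed primes.
# Real keys are thousands of bits and come from a vetted crypto library.
from math import gcd

def make_keypair(p, q, e=17):
    """Return (public_key, private_key) built from two small primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)            # private exponent; needs the secret primes
    return (n, e), (n, d)

def apply_key(numbers, key):
    """Raise each number to the key's exponent, modulo n."""
    n, exponent = key
    return [pow(x, exponent, n) for x in numbers]

def lock(message, public_key):
    """Anyone who has the public key can lock a message (one byte at a time)."""
    return apply_key(list(message.encode()), public_key)

def unlock(locked, private_key):
    """Only the private key turns the locked numbers back into text."""
    return bytes(apply_key(locked, private_key)).decode()

PUBLIC, PRIVATE = make_keypair(61, 53)      # you publish PUBLIC, keep PRIVATE
locked = lock("meet at noon", PUBLIC)       # I lock the message for you
sender_retry = apply_key(locked, PUBLIC)    # I try to reopen it with the public key

if __name__ == "__main__":
    print("locked:", locked)
    print("public key reopens it:", sender_retry == list(b"meet at noon"))
    print("private key gives:", unlock(locked, PRIVATE))
```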
Ransomware locks your stuff up with a public key – and the only way you can get it back is for the bad guy to use the private key, that only they know. It adds complexity and security to the process.
Bitcoin is an online currency that is pretty much untraceable. Because of the high degree of anonymity it offers, it’s the currency of choice on the Darkweb (the seedy underbelly of the Internet). Bitcoin transactions make it possible for the bad guy to get paid, without you being able to (easily) catch or stop them.
OK, Professor, Now What?
For the average home user, your strategy for preventing Ransomware should consist of a few key tools.
- Backups – back your data up. Do this frequently, and in several different ways. I back my data up to the cloud (using Carbonite). I also back my data up to an external hard drive, which is disconnected unless it’s backing my data up. If I were to get Ransomware, my encrypted files would automatically get backed up to Carbonite, and replace my good files. That’s why I need an external hard drive backup that is not connected to my computer. If it were connected to my computer, it would get encrypted when Ransomware hit. This is the number one way to protect yourself against Ransomware – it can’t hurt you if you have your data backed up.
- Patches and Updates – frequently install the latest security and operating system patches on your computer. This also goes for your programs and apps (tablets / phones). Hackers use bugs in the code to install their viruses on your computer / tablet / phone. Make it harder for them – update your programs and operating systems frequently. Think of it like you’re covering holes in the side of your house – holes that mice and squirrels and bats could come in, should they so choose. You want to keep them out, so patch the holes.
- Awareness – users are typically click-happy on the Internet. Don’t be that person. Don’t click on links unless you know what they are. If you get a strange email that baits you to click on a link, don’t do it. This is known as a Phishing attempt. Threatening emails or popups or texts or chats are phishing attempts to get you to click on their links – which leads to an infected website – which leads to an automatic installation of a virus. Chances are, these days, that will be Ransomware. Also – never plug in a thumb drive that isn’t yours. If you find a thumb drive lying on the ground, leave it be. Leaving an infected thumb drive lying around is a very common way for hackers to infect computers. This tactic was used to great effect in the infamous Stuxnet virus campaign.
- Protect your resources – use antivirus software and antimalware software. I’m always asked to recommend one, which is difficult. They all have strengths and weaknesses. It is worth noting that there is no one single tool in this area that will catch everything. Pick a good one that is highly rated (from a reputable site like PC World or similar), and go. Let it run and scan and protect. It’s not going to be perfect, but it’s better than no protection at all.
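The problem from the Backups bullet above (encrypted files getting synced over the good copies) can be caught with a check that runs before the backup does. The Python below is an added example, not code from the original post or from any backup product; the function names, the 7.5 bits-per-byte entropy limit and the 30% threshold are assumptions chosen for illustration.

```python
# Added example: hold a backup when known files suddenly look scrambled.
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

def entropy_bits_per_byte(data):
    """Shannon entropy: close to 8.0 for encrypted or random data, lower for text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def take_manifest(folder):
    """Record a SHA-256 fingerprint for every file under folder."""
    return {str(p.relative_to(folder)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(folder.rglob("*")) if p.is_file()}

def suspicious_files(folder, last_manifest, entropy_limit=7.5):
    """Known files that vanished, or changed AND now look like random bytes."""
    flagged = []
    for name, old_hash in last_manifest.items():
        path = folder / name
        data = path.read_bytes() if path.is_file() else None
        scrambled = (data is not None and hashlib.sha256(data).hexdigest() != old_hash
                     and entropy_bits_per_byte(data) > entropy_limit)
        if data is None or scrambled:
            flagged.append(name)
    return flagged

def safe_to_back_up(folder, last_manifest, max_fraction=0.3):
    """False means: do not overwrite the last good backup, go look first."""
    if not last_manifest:
        return True
    return len(suspicious_files(folder, last_manifest)) / len(last_manifest) <= max_fraction

def demo():
    """Constructed sample: four text files, then three replaced by random bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        for i in range(4):
            (folder / f"note{i}.txt").write_text("vacation photo caption\n" * 200)
        manifest = take_manifest(folder)
        before = safe_to_back_up(folder, manifest)
        for i in range(3):
            (folder / f"note{i}.txt").write_bytes(os.urandom(4600))
        return before, safe_to_back_up(folder, manifest)
```

Compressed formats such as JPEG and ZIP also look random, which is why the check only counts files that changed since the last good manifest and only trips when a large share of them change at once.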
I hope this helps you in understanding Ransomware attacks, and how to protect yourself.
If time permits, I’ll tackle other bad guy stuff in the near future. Since I mentioned TDOS attacks, it’s worth a discussion on DOS attacks.