Tale of a Ransomware Hack
Imagine for a few moments that you are the CTO of IT at Mega Big Corporation.
Your team’s job is to make sure everyone’s desktop computers hum seamlessly along the ol’ digital conga line. You keep their desktop applications, hardware, and email working, and make sure the users don’t kill the network or disrupt the internet connectivity’s strong, firm handshake.
When their screens go inky black and lifeless, you do the decent thing and don’t tell them that they clumsily kicked the pronged plug from its electrified floor strip. You soothe their nerves when one single email (the most important email ever written) gets lost in the morass of messages they never want to throw away. Then, you miraculously bring it back with a magic wand to a grateful smile… It doesn’t matter that you begged them last week to archive the useless stuff or write down instructions on how to find missing messages, they always call on you, the message hero, to save them from despair.
So, imagine your surprise when you arrive at work one fine summer morning after a long weekend of barbecues, mosquito repellent, and lite beer, only to find your entire IT staff staring at you wide-eyed and panic-stricken. Outside the glass doors of your IT department are the rest of the employees of Mega Big. They are not wide-eyed and panic-stricken. Instead, they are slit-eyed and salivating, banging on your doors and blowing up your phones, while mouthing borderline language laced with blame. You are only here to serve the company they work for. You are their technical superhero, or so they thought until today when you were quickly demoted to “that one” or “he who shall not be named”.
You feel vilified, all because of some young man, far away across the sea, who cleverly tricked an unsuspecting bystander into allowing his creation, a child-made malicious innovation, to derail your workplace tranquility.
The young man is most likely a bright semi-adult, aged 16-24. His virus was most likely slipped in on the back of an email, a website, or inside a file of downloadable software updates, disguised primly in a pink bonnet and booties. Looking very cute, it waited until everyone’s guard was nicely down around their knees, and then stripped itself down into an unsheathed string of digital code to show its true colors. Black and snarling.
Written with precision and malice, this virus briefly squirmed around doing this and that. It pulled a few things out of a hidden pocket to scare off any of the toothless antivirus and anti-malware software that normally kept your computers and network protected. Finally, with all this accomplished, the evil code pulled out a length of rope and began to tie up every digital work-file in sight.
After mere seconds, when everyone’s work files were ruthlessly tied and gagged, the software delinquent took a few steps back to admire its handiwork. When assured that everything was perfectly under its control, it reached into its deepest pocket and hauled out the final insult… a string of code cleverly disguised as a ransom note.
It read like this (please read the following in your very best Dracula accent):
“You have choice not. Send 400 American dollar monies to number bank 8363830489473993746649494934837373. Please! If send monies, files are be alive. If no send monies or call polize on telephone for fuss, all files shall die.”
The facts: Who writes this ransomware hack stuff?
Viruses have been at the forefront of countless global headaches for the last couple of decades. Who these people are and what motivates them has been the source of endless speculation and research, especially with the advent of Ransomware, the most egregious and humiliating creature to crawl out from the dark side of the internet. We all hate Ransomware hacks even more than the other vicious monsters of the vast internet because, even if the victims pay up, the perpetrators rarely unrope the files. In fact, some victims also fall into the snake pit of identity theft.
Today, Ransomware writers have websites that float around the dark web, a zone of cyberspace that is not indexed by the search engines. These hackers are organized like gangs. They share knowledge about how to write viruses, malware, and ransomware. And now that money and stealing identities are involved, it’s a much more sophisticated hacker’s world with drastically higher stakes.
Still, the personalities and motivations haven’t changed much over the years. Frail egos and chip-on-the-shoulder types that are often cast aside by society usually make up today’s hacker workforce. If we and the rest of the world want to stop the hacking before it does some irreparable damage, we need to start taking a hard look at young coders with this kind of malformed mindset.
But hey, in the meantime, here are some tips to protect yourself, your users, customers, and colleagues.
7 Tips to Avoid a Ransomware Hack
- Check that you have an antivirus and anti-malware protection application on your clients, workstations, and servers.
- Your antivirus and anti-malware protection should read active and enabled (many people don’t notice when their protective software is no longer scanning). If you are not sure if it is enabled or not, click on it. Does it read disabled?
- Open your antivirus and anti-malware protection software and check that it has recent updates from the last couple of days. Why? New viruses and malicious programs are released into the wild daily.
- Keep all the Windows servers and clients on your network updated with the latest Microsoft Security Updates. Why? Virus writers will often write malevolent code that takes advantage of security holes recently announced and patched by Microsoft.
- Schedule a scan once a week, and run an extra one if you accidentally surf to a website that doesn’t appear professional or has unusual delays with connectivity.
- Only go to websites that appear professional. If it’s a tech site and has ads for dating, there may be something wrong with it. It could be infected.
- If you receive an email with a blank subject and just a link or attachment, or a subject that sounds a little too friendly like “Hey, check this out!” and it’s from a business contact, do not open the link or attachment.
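The checks in tips 2 through 5 can be scripted instead of clicked through by hand. The PowerShell below is an added example, not part of the original article; it assumes Microsoft Defender is the antivirus in use, and the function name Test-RansomwareHygiene and the three thresholds are illustrative choices.

```powershell
# Added example, not from the original article: audits one Windows host against tips 2-5.
# Assumes Microsoft Defender is the installed antivirus; all thresholds are assumptions.
$MaxSignatureAgeDays = 2    # "recent updates from the last couple of days"
$MaxScanAgeDays      = 7    # "schedule a scan once a week"
$MaxPatchAgeDays     = 35   # assumption: one monthly patch cycle plus slack

function Test-RansomwareHygiene {   # hypothetical helper name
    $findings = [System.Collections.Generic.List[string]]::new()
    $now = Get-Date

    # Get-MpComputerStatus fails when Defender is absent or its service is stopped.
    try   { $mp = Get-MpComputerStatus -ErrorAction Stop }
    catch { $mp = $null; $findings.Add("Defender status unavailable: $($_.Exception.Message)") }

    if ($mp) {
        # Tip 2: protection must read active and enabled.
        if (-not $mp.AntivirusEnabled)          { $findings.Add('Antivirus engine is disabled') }
        if (-not $mp.RealTimeProtectionEnabled) { $findings.Add('Real-time protection is disabled') }

        # Tip 3: signatures must be recent; a missing timestamp is itself a finding.
        $sig = $mp.AntivirusSignatureLastUpdated
        if (-not $sig) { $findings.Add('No signature update on record') }
        elseif (($now - $sig).TotalDays -gt $MaxSignatureAgeDays) {
            $findings.Add("Signatures last updated $($sig.ToString('yyyy-MM-dd'))")
        }

        # Tip 5: newest completed quick or full scan; empty end times mean never scanned.
        $lastScan = @($mp.QuickScanEndTime, $mp.FullScanEndTime) |
            Where-Object { $_ } | Sort-Object | Select-Object -Last 1
        if (-not $lastScan) { $findings.Add('No completed scan on record') }
        elseif (($now - $lastScan).TotalDays -gt $MaxScanAgeDays) {
            $findings.Add("Last scan finished $($lastScan.ToString('yyyy-MM-dd'))")
        }
    }

    # Tip 4: date of the newest installed Windows update.
    $lastPatch = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn | Select-Object -Last 1
    if (-not $lastPatch) { $findings.Add('No installed updates reported') }
    elseif (($now - $lastPatch.InstalledOn).TotalDays -gt $MaxPatchAgeDays) {
        $findings.Add("Newest update $($lastPatch.HotFixID) installed $($lastPatch.InstalledOn.ToString('yyyy-MM-dd'))")
    }

    [pscustomobject]@{ Computer = $env:COMPUTERNAME; Healthy = ($findings.Count -eq 0); Findings = $findings }
}

Test-RansomwareHygiene | Format-List
```

A host whose Healthy value is False lists each failed tip under Findings, which also catches the case the second tip warns about: protection that stopped scanning without anyone noticing.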
Stay safe out there, folks!