Recent attacks against corporations highlight the need for a comprehensive security solution.
It seems ransomware has reared its ugly head once again.
The New York Times reported in late March 2018 that The Boeing Company had experienced a ransomware attack impacting numerous company computers. While exact details are unclear, signs point to the WannaCry ransomware variant that proliferated globally in May 2017. The aviation giant released a statement on Twitter regarding the attack, claiming:
“A number of articles on a malware disruption are overstated and inaccurate. Our cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems. Remediations were applied and this is not a production or delivery issue.”
Specifics of the attack aside, it seems ransomware will continue to plague even the largest companies.
The Rise of Ransomware
In one form or another, ransomware has been around since the late 1980s.
While it has gone through many iterations over the last 35 years, its basic premise remains the same. An infected computer will be encrypted by an attacker and only after paying a ransom — typically requested in anonymous cryptocurrency — will the files be unlocked with a key held by the perpetrator.
WannaCry, one of the most recent and prolific variants of ransomware, impacted an estimated 300,000 computers over a period of a few months in 2017. The typical ransom for decrypting the files on a machine ranged from $300 to $600. With the fluctuating value of cryptocurrency taken into account, it is estimated attackers have made upwards of $50,000 from ransoms carried out with variants of WannaCry.
While this may not seem like a large sum, experts estimate the total disruption from attacks such as WannaCry could reach up to $4 billion. Part of this total cost is the downtime experienced by companies after their files are encrypted, but hiring security and media professionals to deal with the fallout after an attack can be equally expensive.
Targets of ransomware are broad and can vary from individuals to large corporations. The city of Atlanta, GA recently became the victim of the ransomware SamSam, infecting a number of city computers. Many public services were impacted by the attack, from municipal courts to law enforcement. If the $50,000 ransom is not paid within the allotted time, the city risks permanently losing access to vital public services.
Individuals who perpetrate ransomware attacks typically target corporations or public sector entities that have a wealth of information essential to their operation. This includes members of the healthcare sector such as hospitals and clinics, along with local and national governmental bodies.
While traditional ransomware has been around for years, a new trend threatens to increase its impact exponentially — Software as a Service (SaaS). The concept of SaaS has been taken and applied to ransomware to produce Ransomware as a Service (RaaS). RaaS is a software package containing ransomware available for purchase across the dark web. These RaaS products range anywhere in price from $40 to $1000 and bear a remarkable resemblance to their SaaS counterparts.
RaaS even offers the same support you have come to expect from other software solutions. Many websites feature online chats and YouTube videos demonstrating the setup of different ransomware variants. RaaS is a booming business, limited only by developers’ imaginations and market demand for ransomware tool kits.
Unfortunately for users, ransomware attacks are highly specialized and often go undetected by traditional antivirus software until your files are already encrypted. Some best practices for ensuring your system is not compromised include:
1. Confirming all operating systems and software are up-to-date and patched for the latest security flaws.
2. Practicing caution when visiting suspicious websites or opening email attachments.
3. Maintaining a regularly updated backup of all your files on a hard drive that is independent from your main computer.
A Hardware Solution for a Hard Problem
These precautionary measures will help, but they are not a guarantee of system safety.
The WannaCry attack relies on an exploit known as EternalBlue, which targets unpatched versions of Microsoft Windows.
A main component of the exploit relies on a buffer overwrite error, which allows the attacker to inject their payload and execute the ransomware attack. EternalBlue takes advantage of at least two other classes of errors, including the execution of attacker-supplied data and dynamic type errors.
Dover Microsystems is solving the cybersecurity problem at the root cause: the attacker’s ability to take over processors in the first place. The problem cannot be stopped with layers of security software because that software, too, has bugs.
The problem has to be solved in the hardware.
Our processors need to be modified to make them immune to cyberattacks. Dover’s CoreGuard solution does just that by hardwiring cybersecurity directly into the silicon of the processor to stop all network-based attacks, including buffer overflows.
As ransomware attacks such as WannaCry become more prevalent, companies, countries, and individuals alike need to embrace definitive security solutions to protect their most important data from mounting cyberthreats.