Monday, May 15, 2017

Ransomware: It's the end of the world (as we know it)

Well, it's not but stick with me.  Late last week some Bad Guys released a ransomware attack (malware that encrypts your files and refuses to decrypt them until you pay them money).  This attacked computers all over the world, and shut down some hospitals in the UK among other unpleasantness.  Brian Krebs has a good article with background.

Over the weekend, some White Hats figured out how to turn it off ("kill switch").  The whole thing looks to be a big old wet firecracker.

But hang on:
Miscreants have launched a ransomware worm variant that abuses the same vulnerability as the infamous WannaCrypt malware.
Danish firm Heimdal Security warned on Sunday that the new Uiwix strain doesn't include a kill-switch domain, like the one that proved instrumental in minimising the harm caused by WannaCrypt last week, although this is subject to some dispute.
Some day soon there will be a version that won't be easily shut off.  That will be the End Of The World (as we know it).

Except maybe not.  So what if your files are all placed off limits by malware encryption, as long as you have another copy?

I have been posting about this for a long time, and co-blogger ASM826 (who does IT for a living) has been talking about this, too.  Here is a starting point for some information about why this is important.  Get a backup service (one of the ones where your data gets uploaded to their cloud) and then you will be basically immune to ransomware - if you get infected just reinstall the OS and restore your data from the cloud backup.

So the ransomware is getting nastier, and it's the end of the world as we know it.  But if you back up your data, you'll feel fine.

UPDATE 15 May 2017 13:14: Hat tip to Lawrence Person of Battleswarm Blog for the "Make Big Money" graphic.  You are reading him every day, right?


SiGraybeard said...

I have a local cloud, but what bothers me is what happens if the ransomware sits on your computer long enough to be in your backups. Say it sits on your computer a month before going off.

So you wipe the computer, spend a day installing Windows Updates, restore from your backup and reinstall the malware.

Eagle said...

Stop using Microsoft.

Start using Linux.

And when you use Linux, NEVER LOG IN AS ROOT EXCEPT FOR SYSTEM MANAGEMENT. Use a normal user account.

Brass said...

Apparently some people are paying. So far there is slightly over $59,000 in the Bitcoin purse they set up to take the ransoms.

Rick C said...

Wake me up when my games and LOB software run under Linux. Until then, don't waste my time telling me to switch.

Also, it's not 2001. You can run Windows as a non-administrator.

Lawrence Person said...

While I did send the Make Big Money graphic, it was actually created by SF writer Paul Di Filippo.