The Rise of Ransomware: How Vulnerable Are We?

I want you to imagine a scenario: you sit down at your computer, ready to get a full day’s work done, only to be greeted by something that looks like this:

At first, you’re in disbelief: is this someone’s idea of a joke? You call your IT team and ask them to explain, only to learn that the very same prompt has appeared on systems throughout your office – and your company. All operations are crippled and no one seems to know when, or even if, they can be restored without paying the anonymous attackers’ asking price of $2,000 BTC.

The recent and massive WannaCry (a/k/a WCry 2.0, WannaCryptor) ransomware attack and subsequent variants played this very scenario out on an estimated 200,000 (and counting) computers across 150 countries. These attacks disabled critical infrastructure systems and civilian services, including the widely publicized shutdown of UK’s National Health Service medical operations and trains and telephone services throughout the region. Such crippling cyberattacks represent the direct menace ransomware poses to our digital world.

I think about that happening in Washington State. Here, where some of the world’s largest, most well-known information technology companies have major offices and massive infrastructure footprints. Here, where major health organizations have thousands of access points to sensitive data. Here, where hundreds of startups are conducting daily operations in a multitude of fields: transportation, financial markets, infrastructure, entertainment.

Ransomware attacks have been on the rise for some time, with more than 4,000 occurring on a daily basis since January 1, 2016. Add in the millions of computers that are (or were) vulnerable to the rapidly spreading WannaCry, and the magnitude of the problem becomes all too apparent.

One of my favorite reads is Malicious Cryptography, a book by Adam Young in which he explores the concept of viral public key cryptology being leveraged for ransom. The idea has been around since at least 1996, and 20 years later, we’re seeing it punish industries on a global scale.

So what can we do about it?

What Can We Do About It?

I recommend a few relatively simple steps:

  1. Stay informed
  2. Stay patched
  3. Stay backed up
  4. Stay prepared
  5. Don’t pay

Stay Informed

Knowing what ransomware is, what it does, and how it operates and spreads is the first step. A routine security briefing tailored for your employees may be a good way to accomplish this at the company level.

For a deeper dive into the world of ransomware and other vulnerabilities, shoot me a line. I’m always happy to chat about the complexities of computer security.

Stay Patched

As a fellow entrepreneur, I get that routine updates can slow down the speed of business and impact the bottom line, but this is an easy one: Windows and Apple release security updates regularly to supported operating systems, and they let customers know when they’re going to cease support. These regular updates often contain critical patches for security vulnerabilities that have been recently discovered – as happened when, just weeks before the WannaCry outbreak, Windows patched the same vulnerability exploited by said ransomware.

Stay Backed Up

Fundamentally, the ransomware is holding your files or your computer hostage. If you have a copy of your files or a backup of your computer, you can restore your computer and recover without having to pay the ransom.

Stay Prepared

Having a computer disaster recovery plan is vital. Running ransomware readiness tests and similar realistic security and disaster recovery exercises is a good idea.

Don’t Pay If You Can Avoid It

Digital terrorism isn’t new, and it’s not going away. We recommend not paying these criminals, so as to discourage them. Even if you do pay, there is no guarantee that you will get your files back or a clean computer. Also, if you’ve managed to acquire counterfeit or bootleg software, or are still running software that’s not supported, now is a good time to upgrade. If you don’t, your systems can remain vulnerable to known exploits forever.

For a deeper dive into the world of ransomware and other vulnerabilities, contact me directly at adam@dejavusecurity.com. I’m always happy to chat about the complexities of computer security.

Author

  • Adam Cecchetti

    Adam Cecchetti is a founding partner and Chief Executive Officer at Deja vu Security. He is dedicated to leadership and relentless innovation in Deja's products and services. Previously he has led teams conducting application and hardware penetration tests for Fortune 500 technology firms. Adam is a contributing author to multiple security books, benchmarks, tools, and DARPA research projects. He holds a degree in Computer Science and a Masters from Carnegie Mellon University in Information Networking.
