Ransomware: A problem for everyone
Carl Green
In technology news today, another (that's more than one) city (yes, whole city) in Florida was successfully held to ransom when city employees found themselves locked out of their entire computer network by a ransomware attack. This attack cost almost a half million dollars in ransom, and also cost the CTO his job. There were several causal factors, two of which were entirely avoidable. Both have major significance.
First, almost unbelievably in this day and age, the city computer system appears not to have been backed up. When the network froze, the usual remediation methods were unavailable. There was no way to recover, replace, or roll back the ransomware infection. Hindsight is, of course, 20-20. But even I, a private individual, have my ransomware precautions in place. Just in case. That this was not included in the design of such an important system is frankly inexcusable. For any large organization, let alone a city-wide system that runs a major metropolis, not to have prepared for such an eventuality beggars belief. In short, after a week of using pen and paper to conduct city business, the only option available to the powers that be was to pay the ransom and hope the attackers supplied an unlock code. Which was quite the gamble. Let's face it, honest citizens don't do this kind of thing, and blackmailers famously keep coming back to the well. A code was provided. Operations have resumed. It will take weeks to clear the backlog, and repair the damage. And that's assuming the attackers didn't install additional time bombs while they were in there.
Second, now that the dust has settled and a semblance of normality has been resumed, analysis of the vector of attack indicates the virus got into the system by the oldest method known: Email. An employee opened a seemingly innocent email. Which is exactly the kind we should all be most suspicious of!
We are all trained and I.T. savvy regarding unsolicited email offering amazing cures, deals, and shall we say romantic possibilities. Those usually come from spoofed email addresses with dubious grammar and spelling, and if they do make it past the spam filters to our Inbox, are tossed straight in the trash without a glance. It's second nature, by now.
But those are not the emails to be wary of.
What to watch for
The trick is to be wary of the emails from your friends, family, and work colleagues.
While for the most part they will of course be genuine, picture this: One of your colleagues' email accounts is somehow compromised. Spoofed. Hacked. Maybe they lost their phone, or left their laptop open in a coffee shop. It doesn't matter. The point is, that innocent-seeming email could be from literally anyone. You can never know for sure. It could be from your CEO. Your spouse. Your mom. Or someone pretending to be one of these.
Because an email seems to come from a known and trusted source, we trust it implicitly and open it without thinking. And that's bad. Really bad. We should exercise more caution when receiving emails from people we know, not less. Think about a regular virus. Once you are infected, the first thing a virus does is try to reproduce itself. It does this by sending emails to everyone in your address book: Viruses spread via friends and family, people that you know. Not strangers.
Examples
Here are a couple of simple scenarios.
- You work in sales. You get an email from your boss. The message says "Here are the numbers for the last quarter. Could you check them?". There is a spreadsheet attached.
- You work in HR and get an email from an employee saying "Attached, my updated contact info for your files." There is a macro-enabled Word document attached.
- You get an email from payroll that says "We adjusted your salary this month to include your Q3 performance bonus. Please see attached for details".
- While at work you get an email from your spouse saying "Cousin Emily had her baby!" Of course, there are photos, but wait... do you actually have a cousin Emily?
Any one of these could be perfectly legitimate. And therein lies the danger. Simply opening any email risks everything. Particularly if it comes from someone you know. A moment of distraction, a click, and before you have time to say "Whoops!", the company is gone.
It only takes a few seconds to verify with a phone call or a walk down the corridor. "Hey, Jeff, did you just send me something?" If the answer is "No. Why?"... you will be happy you didn't open that attachment. More, so will your colleagues, your company, and your CTO. He just avoided getting fired, due to your vigilance. You will make next month's mortgage payment, and maybe actually get that Q3 performance bonus.
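The scenarios above can be turned into a simple mail triage check. This is an added example, not part of the original post: it lists the reasons to confirm a message with its sender before opening it, and the address book, the names and the sample messages are all constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed address book (constructed): display name -> the address on file.
KNOWN_CONTACTS = {"jeff miller": "jeff.miller@example.com"}
MACRO_EXTENSIONS = (".docm", ".dotm", ".xlsm", ".xltm", ".pptm")

def reasons_to_verify(raw_bytes, contacts=KNOWN_CONTACTS):
    """List the reasons to confirm a message with its sender before opening it."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    name, address = parseaddr(str(msg.get("From", "")))
    reasons = []
    on_file = contacts.get(name.strip().lower())
    if on_file and address.lower() != on_file:
        reasons.append(f"name '{name}' is a known contact, but {address} is not their address")
    # A matching address proves nothing if the account itself is compromised,
    # so every attachment is a reason to check, macro-enabled ones most of all.
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "unnamed").lower()
        kind = "macro-enabled attachment" if filename.endswith(MACRO_EXTENSIONS) else "attachment"
        reasons.append(f"{kind}: {filename}")
    return reasons

def build_sample(sender, body, filename=None):
    """Build a constructed test message; the attachment bytes are a placeholder."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "you@example.com", "Quick one"
    msg.set_content(body)
    if filename:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    samples = [
        build_sample("Jeff Miller <jeff.miller@example.net>", "Could you check these?", "q3-numbers.xlsm"),
        build_sample("Jeff Miller <jeff.miller@example.com>", "My updated contact info.", "contact-info.docm"),
        build_sample("Jeff Miller <jeff.miller@example.com>", "Lunch at noon?"),
    ]
    for raw in samples:
        print(reasons_to_verify(raw) or "nothing to verify")
```

The second sample comes from the address on file and is still flagged, which is the point of the phone call: a correct sender address does not show who actually sent the attachment.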
Take away
The bottom line here is that the best firewalls and security systems in the world are completely useless in the face of human error. As the news shows, one misplaced click can bring entire cities to a halt, with long-term repercussions for every citizen living there.
In closing, I am mindful of the words of Ronald Reagan when his administration was working towards Russian nuclear disarmament. He paraphrased an old Russian proverb to get his point across: Doveryai, no proveryai. The words were used in an entirely different context, but they stand the test of time, now more than ever.
'Trust, but verify.'