Ransomware & Unik System's Protection
The ransomware attack that is spooking the world!
The world is reeling from a massive, unprecedented ransomware attack that has affected nearly 100 countries. The real extent of the damage could take weeks to ascertain.
Organizations ranging from the NHS in the UK, the Russian Interior Ministry, Telefonica, the Chinese school system, Nissan, FedEx and police units in India to Deutsche Bahn in Germany are among the worst affected. The list is likely to grow over the next few days as more organizations and corporations uncover the real impact.
“While the spread of the ‘Wanna Cry’ ransomware attack has slowed due to accidental remedy by a UK-based cyber analyst, concern remains that such attacks could be launched in the near future as the tools for embarking on ransomware attacks are readily available on the dark web.” – Chakradhar K, Co-Founder, Unik Systems
After the well-known Sony Entertainment hack in 2014, Unik Systems anticipated such advanced attacks and has invested in R&D over the last few years to thwart them.
What is ransomware?
A ransomware attack involves attackers taking control of the victims’ systems and then encrypting their data and programs with strong encryption. Since the decryption keys remain with the attacker, the victims can neither run those programs nor use their data to conduct business.
Usually ransomware attackers demand ransom money to release the keys the victim could use to decrypt. However, ransomware-style attacks could also be launched by nation states for non-monetary reasons, and during wartime for strategic reasons.
What do we know about the attack?
While full forensic analysis of the attack could take months to complete, what we know so far can be summarized in the following points:
1. Exploits believed to have been found and used by the US NSA against systems such as Windows were used to build the malware. It is worth noting that a group calling itself “Shadow Brokers” claimed to have hacked NSA systems and made a dump of those exploits public only a few months ago! Now it appears that these tools have become the basis of the attack. Given that the dump is now spread widely across the dark web, it is anybody’s guess how many such attacks could be engineered soon. In any case, the concern is much broader than this dump, as new zero-day attacks are launched regularly.
2. The malware may have been designed around weaknesses in the operating system, but it still had to be spread to a large number of unsuspecting victims. Once again, email emerged as one of the weakest links. Spear phishing was used to get an NHS user to download a malware-laden file, and from there on there is usually little defense for the organization. We have seen malware spreading dangerously in many recent cases through email and other open communication systems such as WhatsApp and Skype.
3. It remains to be seen how the malware spread so fast across so many organizations around the world in such a short time. This highlights the danger of the open communication systems the world has become so used to! A recent article noted that nearly 300,000 Internet of Things (IoT) nodes have become part of a growing botnet (a network of bots, software applications that perform automated tasks) that is probably being readied to launch a significant attack.
4. It is not yet clear whether a credential compromise played a role in this attack, but a number of high-profile breaches in the last twelve months were found to have been initiated by stolen identity credentials.
5. It is very likely that most of the organizations that became victims of the attack were using state-of-the-art anti-virus systems, firewalls and other advanced intrusion prevention systems. It is telling that knowledge- and analysis-based protection systems are again found wanting against dangerous attacks, as advanced persistent threat (APT) attacks are using identity theft and phishing more and more successfully.
Will your backups protect you from ransomware?
In theory, nobody should be paying any money to the ransomware extortionists. Doesn't everyone have backups these days? Still, according to the FBI, more than $209 million in ransomware payments were made in the United States alone in the first three months of 2016, up more than 700% from just $25 million for all of 2015.
To save costs, some organizations do not include all their important files in their backups, or do not run their backups often enough. Others do not test their backups and discover that restores don't work only when it is too late. Finally, some companies put their backups on network drives that ransomware can easily find and encrypt. It might not be sufficient to back up just the required data and documents. Entire machines may need to be backed up if they are critical to the business.
Creating an advanced backup strategy is a complicated process, especially for large enterprises with many types of data, files and systems to protect. Complexity and a difficult recovery process are also among the reasons backups fail when they are needed.
Our products and expertise can help you take care of security in your backup strategy.
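The three failure modes above (incomplete backups, backups nobody restores, and backups on a share the malware can overwrite) can all be caught by a routine check. The following Python script is an added example, not Unik Systems' code: it records a SHA-256 manifest of the data set at backup time, later compares a backup (or a test restore of it) against that manifest, and reports whether the backup location is writable by the current user. The scenario in `demo()` is constructed for illustration; the manifest should be kept somewhere the backup target cannot reach, otherwise it can be overwritten along with the files.

```python
# Added example: offline backup verification against a hash manifest.
# Not code from the original page; all sample data below is constructed.
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (path relative to root) to its SHA-256.
    Take this at backup time and store it off the backup target."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(manifest: dict, backup: Path) -> dict:
    """Compare a backup (or a test restore of it) against the manifest.

    missing    - files the manifest lists but the backup lacks (incomplete backup)
    mismatched - files whose content differs from the manifest (corrupted, or
                 overwritten/encrypted in place on a reachable share)
    unexpected - files in the backup that were never part of the data set
    writable   - True if this process could modify the backup in place, which
                 means malware running as this user could too
    restorable - True only when nothing is missing or mismatched
    """
    found = build_manifest(backup)
    missing = sorted(f for f in manifest if f not in found)
    mismatched = sorted(f for f in manifest if f in found and found[f] != manifest[f])
    unexpected = sorted(f for f in found if f not in manifest)
    return {
        "missing": missing,
        "mismatched": mismatched,
        "unexpected": unexpected,
        "writable": os.access(backup, os.W_OK),
        "restorable": not (missing or mismatched),
    }


def demo() -> dict:
    """Constructed scenario: three source files are backed up; one is left out,
    one is overwritten after the manifest was taken, and a stray file appears."""
    with tempfile.TemporaryDirectory() as tmp:
        source = Path(tmp) / "source"
        backup = Path(tmp) / "backup"
        (source / "docs").mkdir(parents=True)
        (source / "a.txt").write_bytes(b"quarterly figures\n")
        (source / "docs" / "b.txt").write_bytes(b"contract draft\n")
        (source / "c.bin").write_bytes(bytes(range(256)))

        manifest = build_manifest(source)  # recorded at backup time
        shutil.copytree(source, backup)
        (backup / "c.bin").unlink()  # incomplete backup
        (backup / "docs" / "b.txt").write_bytes(b"\x8f\x11garbage")  # overwritten in place
        (backup / "extra.txt").write_bytes(b"not part of the backup set\n")

        return verify_backup(manifest, backup)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:>10}: {value}")
```

Run on a schedule against a scratch restore rather than the live backup volume, so the check itself never needs write access to the backups; a `writable` result of `True` on the real target is a finding in its own right, because any malware running under the same account could reach the same files.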
What can be done to protect from such attacks in future?
At Unik Systems, we have long argued that a more radical approach to security engineering is needed to protect against the advanced attacks carried out these days, rather than the common incremental or patch-based approaches. The world has moved too far towards convenience and SaaS models, and this has coincided with a dramatic increase in threat levels. It is time to restore some balance towards security.
“Our deep interactions with various think tank agencies in developing world standard lowest latency & high performance devices, uniquely positions us to develop state-of-the-art solutions for the emerging threats.” – Rajkumar K, Co-Founder, Unik Systems
1. Open communication systems are a clear and present threat, and something needs to be done about the current email architecture. Organizations have rapidly adopted open messenger systems like WhatsApp and Slack and email systems such as Gmail to improve productivity and grow their business. When using these systems, organizations have little control over their own data or over how exposed their employees are. Poor onboarding control and key management in these systems mean that anyone can send spam to an employee, and one click on such a message opens the door to the malware. It is important that organizations like the NHS adopt a more controlled communication system, in which a clear and cryptographically valid identity is used to establish connections. More broadly, the current email architecture has outgrown its original purpose and needs to be redesigned.
2. True digital identity remains a big issue. Research by organizations such as Dell and SecureWorks shows that identity theft is behind more than 50% of all breaches in the US. The recent high-profile breaches at the Bangladesh Central Bank and the Union Bank of India, in which SWIFT systems were used to transfer large amounts of money, were carried out by stealing privileged account credentials. Once the attacker gets hold of an employee's username and password (or even defeats a weak two-factor solution such as SMS OTP), there is not much that firewalls or IPS can do. Almost all APT attacks use this approach successfully. Unfortunately, most currently popular identity solutions, including multi-factor authentication (MFA) and adaptive/context-based authentication systems, are not good enough in our opinion. Allowing someone to access systems based on their IP address or GPS location (most adaptive/MFA systems let users log in automatically when they appear to be in the office) is flawed at a time when IP addresses and GPS can easily be spoofed. What is needed is a tightly integrated identity solution that does not require third-party/vendor servers in the middle. The more dynamic and randomized an identity solution is, the more secure it is.
3. In the longer run, there is a need to move towards more secure, hardened computing platforms, and to separate secure and unsecure computing at the hardware level. Efforts by leading global vendors to separate personal and work spaces at the software level have not yielded results, since advanced malware spreads much more easily in software. At Unik, we have been working to develop secure compute platforms such as secure reboot USB computers, secure laptops and secure phones.
4. Communication between entities and users should be secured using advanced crypto stacks embedded at the hardware level. The high-profile ATM breaches in 2016 in Asia could have been prevented by using a more hardened communication encryption protocol. We also believe that organizations should move towards cyber sovereignty by taking control of their own encryption and key management; the high-profile router breach in 2015 shows that organizations need to deploy systems that give them that control. The threat of backdoors also surfaced when multiuser and networked operating systems became widely adopted.
Unik’s protection against the most advanced attacks!
Our secure hard disk and secure USB products can keep you safe from ransomware attacks by allowing you to create hidden partitions, read-only partitions and similar features that prevent any malware from overwriting your data without your knowledge. All our other products can help you be prepared for such attacks in the future.
1. Ensurity Secure Communication System: Ensurity is the only secure communication system in the world designed to offer the features of most open communication systems while providing security, privacy and control. The feature-rich communication platform enables users in an organization to communicate and collaborate within the organization and with its ecosystem without being exposed to the dangers of spam and data leakage. Like quarantine for biological viruses, Ensurity is able to stop the spread of malware in organizational systems. Ensurity also helps prevent data leakage. Users only receive messages and emails from cryptographically and biometrically identified users. User onboarding and management are admin-controlled, and all data is transmitted and stored encrypted. Productivity and collaboration are greatly enhanced while security is increased.
2. 3DID Authentication System: The 3DID authentication system is designed to offer a tightly integrated authentication mechanism for organizations. Every authentication is based on random tokens derived from true hardware random numbers and non-linear image cryptography. Every authentication session is based on true dynamism that cannot be mimicked by a man-in-the-middle. Users can overlay our random tokens on top of biometrics for additional security. Organizations can generate trillions of random non-linear image codes, offering significant scalability and cost effectiveness.
3. ZERO Secure USB Computing System: For users who want a more hardened approach to keeping malware away, the ZERO secure USB computing system offers a malware-free computing environment. Users can run applications including VPN clients, email clients and other applications from a biometrically controlled secure computing platform. For users looking to run much larger applications and store more data, secure hard drive (HDD) platforms are also available. We are also designing path-breaking laptop and phone platforms based on the ZERO USB design, which will dramatically reduce malware risks.
4. L4CRYPT and LANCRYPT: Organizations can secure their wide area and multi-protocol label switching (MPLS) communications by deploying our plug-and-play L4CRYPT network encryption system. The high-speed encryption system, with industry-leading latency performance, offers several advanced security features. We have now condensed L4CRYPT into LANCRYPT to offer the same level of security for LAN communications. We have also loaded the same crypto stack onto WiFi routers to cut the malware risk from WiFi routers.