Ransomware – A Threat To All Data

Posted in Cyber-Security, Ransomware ● 3 Apr 2018

Ransomware has been a major threat to organisations for several years, and while the effects were felt globally in 2016 and 2017, in 2018 so far it has been reasonably easy to forget about the threat posed. However, like a constant reminder, the ransomware strain WannaCry has reared its head again, with global aircraft manufacturer Boeing getting stung.

The original WannaCry attacks date back to May 2017, at which point Microsoft had already released patches to deal with the vulnerability, so it may be a shock to some that the strain is still infecting networks, especially those belonging to multi-national organisations whose IT networks should be highly secure.

On March 28th the Seattle Times first broke the story that Boeing had become infected, in some parts, by the ransomware strain. Boeing responded by isolating the infected machines and issuing an “all hands on deck” response for fear of the infection spreading to “airplane software”. Mike VanderWel, chief engineer at Boeing, communicated that a call with “just about every VP in Boeing” had taken place, emphasising just how important the company considered the issue. Several hours later Linda Mills, head of communications for Boeing, stated:

“We’ve done a final assessment… The vulnerability was limited to a few machines. We deployed software patches. There was no interruption to the 777-jet program or any of our programs.”

The return of WannaCry

WannaCry infected in the region of 300,000 organisations in May 2017, in just 3 days. The speed of the attack and the range of organisations hit meant that it made headlines across the globe and brought ransomware to the attention of many. The continued use of the strain could be down to its effectiveness and the ease with which it can be deployed, email being the easiest way. Boeing becoming infected means that at some stage best-practice network management has not taken place – machines had not been patched in over a year.

In addition to monitoring machines and utilising antivirus protection, it is vital that organisations regularly update and patch machines. This ensures the latest vulnerabilities discovered by manufacturers and software vendors are fixed, so that cyber-criminals cannot exploit them.

German .gov comes under attack

Cyber-attacks have claimed high-profile victims in the past, including Uber, Yahoo and the NHS (UK). In early 2018, the German government came under attack, admitting that the computer network for the foreign ministry had been breached. The source of the attack is unknown, but analysis has shown that it could be linked to the hacking group APT28, sometimes known as Fancy Bear and associated with Russian activity.

The attack, which appeared to be ‘technically sophisticated and planned in advance’, may have taken place over the course of a year, with signs of an intrusion being picked up in September. It is thought that a strain of malware had given access to some systems, but while no data had been actively stolen the attack is said to be ‘ongoing’.

A threat to all data

Ransomware strains typically encrypt data on a file server or network, rendering it inaccessible until a ransom has been paid. This leaves users with two choices: pay the ransom, hoping that the perpetrators adhere to their word; or restore systems from a previous backup. However, as ransomware strains evolve to become more effective, restoring data from a backup can be at risk too. Many variants of ransomware are designed to attack specific file types. Some strains perform volume-level encryption or attack all files, regardless of type. Therefore, any backup that’s directly accessible through a computer’s file system is vulnerable to ransomware. Ideally, a backup application should be able to pull data from a protected host without that host requiring a direct mapping to the backup.
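
The check implied by that last point, as an added example that is not part of the original article: it classifies backup destinations by whether the protected host can reach them through its own file system. It assumes a Linux-style mount table in /proc/mounts format; the mount entries, the destination list and the `pull://` naming for a server-pulled job are constructed for illustration.

```python
import posixpath

# Constructed sample in /proc/mounts format: device, mount point, fs type, options.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
//nas01/backups /mnt/backups cifs rw,vers=3.0 0 0
filer:/archive /mnt/archive nfs4 ro,relatime 0 0
"""

# Hypothetical backup destinations; the last is pulled by a remote backup
# server and has no path on the protected host.
SAMPLE_TARGETS = ["/mnt/backups/daily", "/var/backups",
                  "/mnt/archive/2018", "pull://backup-server/job-7"]


def parse_mounts(text):
    """Parse mount table lines, longest mount point first for prefix matching."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            mount_point = fields[1].replace("\\040", " ")  # \040 encodes a space
            mounts.append((mount_point, fields[2], set(fields[3].split(","))))
    return sorted(mounts, key=lambda m: len(m[0]), reverse=True)


def covering_mount(path, mounts):
    """Return the most specific mount that contains path, or None."""
    path = posixpath.normpath(path)
    for mount_point, fstype, options in mounts:
        prefix = mount_point.rstrip("/") + "/"
        if path == mount_point or path.startswith(prefix):
            return mount_point, fstype, options
    return None


def audit_backup_targets(targets, mounts_text):
    """Classify each destination by how the protected host can reach it."""
    mounts = parse_mounts(mounts_text)
    report = {}
    for target in targets:
        mount = covering_mount(target, mounts) if target.startswith("/") else None
        if mount is None:
            report[target] = "not-mapped"        # host has no file system path to it
        elif "rw" in mount[2]:
            report[target] = "mapped-writable"   # writable by processes on the host
        else:
            report[target] = "mapped-read-only"  # readable, not writable via this mount
    return report
```

Destinations reported as `mapped-writable` are the ones the paragraph above describes as vulnerable, including a local directory such as `/var/backups` that sits on the same writable root file system as the data it protects.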

Securely backing data up off-site or at least off a primary network adds a layer of resiliency that on-site backups don’t, ensuring backup sets are available on-demand.

Public cloud offerings can also be put at risk by ransomware and malware strains, with corrupted data or malicious files being accidentally stored or accessed in those platforms.

Staying protected against the threats of Ransomware

Protecting against ransomware and other cyber-threats should be a priority for organisations. The threats themselves can cause downtime and disruption, but the associated reputational damage can be felt further, with customers, employees or investors losing faith in the organisation. Although certain backups can be infected by ransomware strains, it is vital to ensure your organisation has a secure off-site copy of data that cannot become infected and that is guaranteed for on-demand recovery when it is most needed. To find out more about ransomware, cloud backup or how Redstor can help you stay protected, get in touch now.
