Boards Brace for Ransomware Attacks

The ransomware attack that hit one-fifth of NHS trusts in the UK and thousands of corporations globally, including Spanish operator Telefónica, will have sent boards scrambling for emergency meetings. The attack involves a number of firsts: it is the biggest global viral cyber outage ever recorded, and it also comes with a demand for ransom.

According to Wikipedia: “Ransomware is a type of malicious software that carries out the cryptoviral extortion attack from cryptovirology that blocks access to data until a ransom is paid and displays a message requesting payment to unlock it. Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse.”

Victims have to deal not only with the unwelcome glare of adverse publicity but also with the finely balanced judgment of whether to pay the ransom. This will be a first for many corporations, and if they do decide to pay up, the technical procedure of paying a ransom in Bitcoin is itself no simple matter, as ransomware advisor Elliptic explains.

Not all ransomware is worth paying, advises Dr James Smith, Elliptic co-founder and CEO. Experts may be able to decrypt the ransomware or there may be indications that the attacker will not decrypt your machine even after payment. In the case of last week’s WannaCry attack, there is no evidence at the time of writing that the attacker will ever decrypt the compromised machines.

“Most ransomware attacks follow the same general pattern,” explains Elliptic co-founder and lead investigator Dr. Tom Robinson. “The victim is given a Bitcoin (or other cryptocurrency) payment address and a deadline to make payment. Most people incorrectly assume there is nothing that can be done to identify the perpetrator after payment is made.”

Ransomware operations usually demand payment quickly, sometimes in as little as 24 hours. It can be difficult for a company to secure large quantities of Bitcoins at short notice. “Most Bitcoin exchanges have Know Your Customer (KYC) policies that prohibit them from selling new clients a significant amount of Bitcoins,” reveals Dr. Robinson.

Large Bitcoin payments can be confusing for companies that are not used to dealing in cryptocurrencies. “Constructing a large Bitcoin transaction is a technical process. You need to define the right transaction fee, verify the destination and sign the transaction appropriately,” adds Dr. Robinson. “Too low a fee and your transaction might never clear; send it to the wrong address and your Bitcoins are gone forever.”

Confusingly, there is no pattern to the victims in this recent episode: they include not only the cash-strapped NHS but also the flush digital trailblazer Telefónica. As commentary pours in from cybersecurity experts and pundits, a few facts are clear: no one is immune, and in this era of hyper-connectivity, eternal vigilance and good housekeeping are the soundest defence.

Author: Helen Beckett

Helen Beckett is the Community Manager of the Business Value Exchange. She has been a writer and editor for over 20 years and takes a particular interest in the challenges facing the CIO in today’s business climate.