Wednesday, May 17, 2017

WannaCry Ransomware Discussion

WannaCry Ransomware

These are the "observations" as of this writing. Note that I have rated each "fact" as to its plausibility:
  • not likely (N)
  • speculative (S)
  • plausible (P)
  • likely (L)
  • true (T)
For the best technical discussion, go to https://www.bleepingcomputer.com/news/security/wannacry-wana-decryptor-wanacrypt0r-info-and-technical-nose-dive/

Observations

  • The WannaCry Ransomware was a worm (T) (1)
  • It got on to computers through users clicking on a link in an email (T)
  • It encrypted data (T). Note that encryption takes time, so it is likely that the worm did not make itself known immediately. (L)
  • It demanded $300 to unlock the data (T). After a definite time, it increased the demand to double. (T) There are conflicting reports on whether or not the WannaCry creators unlocked the data if the ransom was paid (T).
  • It locked the screen and could not be killed through the normal Ransomware kill methods taught in class (T). That is because it was a separate program (worm) and not a hack of a browser. (T)
  • It exploited a Microsoft operating system vulnerability that NSA knew about (T) but Microsoft did not know about or didn't care to fix (P).
  • The vulnerability was at least in Windows XP. (T)(2) I haven't found any references to later releases. (T) What confounds me is that Microsoft stopped providing support for XP in 2014. (T)(3) I just don't understand the (yes, stupidity) of people who think they can continue to use XP. (P) This apparently includes very large organizations, including national organizations. (T) Good Grief!
  • WannaCry apparently exploited the lack of firewalls on individual computers on the network in order to infect all the computers on that network (L).
  • WannaCry was implemented using some tools stolen from NSA by a hacker "group" called Shadow Brokers (T) (1). This group likely includes at least one member who works for the US Government or one of its contractors (L)(1). The leaks/espionage from the "deep state" have remarkably increased since the last election. (T) There is a likelihood that phone communication will become insecure, as well as any personal information retained by the US Government. (P)

Lessons Learned

Most of these lessons underscore what has been discussed in previous blog posts and in my IoT Security Class.
  • Don't click on links that go to places you don't recognize
    • Hover over the link to see what it is
    • If it is a "tiny url" use a tiny url inspector (web site or extension) to get the true destination
    • Though tedious, use black and white list extensions to guard against going to bad sites. Use WOT or another security inspector to inspect URLs. Security suites offer some support as well, but don't count on them to protect you.
    • Resist the temptation
  • If you still use XP, then stay off the internet! Period. (3)
    • If you want to use the internet, get a better operating system.
    • If you want to keep your computer, then switch to an efficient and relatively secure Linux distro like Ubuntu or Mint.
  • Keep up with system updates
  • Use a continuous backup scheme to back up your data. This is likely to require that you use (pay for) a commercial cloud backup or have the discipline to use Google Drive or Microsoft OneDrive.
  • On a reasonable schedule, after assuring your device is clean, back up an image of your device
  • Use a firewall, even if you are on a local network and you connect to a router.
    • For Windows, the Windows Firewall in Windows 10 is fine. Otherwise, use a security suite that has a firewall or download a standalone software firewall, such as Comodo. Study how to effectively use a firewall.
  • This is a subtle lesson, more based on my experience with how this kind of thing usually happens than any "knock on the side of the head revelation." I find that if you are using your computer for business as well as pleasure, then completely separate your business from pleasure. Do NOT use a business device for pleasure.
    • Don't do personal email from your business device.
    • Don't browse for personal purposes from your business device.
    • Don't download any application.
    • Don't put personal flash drives in your business device.
  • These lessons learned are not just for Microsoft users! They apply to the entire IoT, including iOS, OS X, Android, and Linux distros.
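The firewall lesson above can be made concrete with the built-in Windows 10 firewall. This is an added example, not code from the original post; it assumes (the post does not say this) that the worm moved between machines over SMB on TCP port 445, so the host firewall must drop unsolicited inbound SMB from other computers on the same local network. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the original post): host-firewall hardening on Windows 10.
# Assumption (not stated in the post): the worm spread between machines over
# SMB (TCP port 445), so unsolicited inbound SMB from the local network must be dropped.

# 1. Turn the firewall on for every network profile (Domain, Private and Public)
#    and block inbound connections unless a rule explicitly allows them.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Allow

# 2. Add an explicit inbound block for SMB so that an "allow File and Printer
#    Sharing" rule added later cannot quietly re-expose port 445.
$ruleName = 'Block inbound SMB (worm lateral movement)'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
        -Protocol TCP -LocalPort 445 -Action Block -Profile Any
}

# 3. Switch off the legacy SMBv1 protocol (Windows 10 / Server 2016 and later);
#    a protocol that is not running cannot be reached by a worm at all.
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart

# 4. Verify: every profile should report Enabled=True and DefaultInboundAction=Block,
#    and the SMB rule should be enabled with Action=Block.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
Get-NetFirewallRule -DisplayName $ruleName | Select-Object DisplayName, Enabled, Action
```

Blocking inbound 445 also stops other computers from reaching shared folders on this machine; on a machine that must serve files, scope the rule with -RemoteAddress to the few hosts that need access instead of blocking everything.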
References
  1. http://www.mcclatchydc.com/news/nation-world/national/national-security/article150827507.html
  2. https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/
  3. https://www.wired.com/2017/05/still-use-windows-xp-prepare-worst/
