Cyber Security Means Not Clicking On That Link

COVID changed the way we used the internet. Whether for streaming TV, buying groceries, or video-calling, many people created new online digital accounts during the pandemic. As we spend more of our lives online, it’s increasingly important to keep information safe online.

October is Cybersecurity Awareness Month, and experts are urging consumers to protect their accounts. That includes being mindful at work where ransomware attacks on companies often happen when an employee clicks on a link that they shouldn’t have.

To find out what we all need to know, Eric Douglas spoke with Bill Gardner, a white-hat hacker and a cybersecurity professor at Marshall University. He says there is a tremendous demand for people trained in the field.

Douglas: October is Cyber Security month. Where did that come from?


Gardner: That was originally floated by the federal government because we need to do better with cybersecurity. Every breach we have is the worst one in history. Right? There’s things users can do to protect themselves, and that’s the whole thrust behind it.

Douglas: Let’s talk about the ever-escalating breaches for a minute. What’s going on for the average Joe? What should I know about my personal cybersecurity?

Gardner: From the top-down approach, agencies who work on this problem need to share data. And they’re not always doing it. We need to keep an eye on threat intelligence, who the bad actors are, so we can do a better job defending against them. As a person, it’s the same old adage. It really hasn’t changed a lot. Be suspicious of email when you don’t know where it’s coming from. If it sounds too good to be true, it probably is. If you get a text message from AT&T, go to the AT&T website or through the AT&T app to see if it’s legitimate or not.

If you’re expecting a package from Amazon, or through FedEx, don’t just click on links that are sent to you saying it’s been delayed. All those things are the things that hook you. We call it phishing. It hooks you into clicking on an attachment or going to a web page that’s compromised. If you look at breaches, probably 97 percent of them are caused by what we call social engineering — phishing. People posing as people in power or authority are who’s getting information from you or from your organization. Look at every large breach. There was phishing as the initial compromise. So it’s a matter of fixing human behavior.

Douglas: It all comes down to social engineering. They’re trying to trick people into doing something to give up personal information.

Gardner: Yeah, it’s basically being a con artist on the internet. That’s as old as civilization itself. It’s just that with technology, it makes being a con artist a lot easier. They can reach people across the world. And you can be in a country where what you’re doing isn’t a crime, or you’re being protected by a host country because you’re acting in their national interests.

Douglas: There are some bad actor countries that are encouraging people to hack.

Gardner: Look at ransomware. Ninety percent of ransomware is coming from Russia. They’re living in Russia and they’re being protected in Russia. There’s videos of the ransomware gangs out driving their Ferraris doing donuts in Kremlin square. So we know who they are, but we can’t reach out and touch them. We can’t go arrest them because they’re being protected by the Russian government. And the Russian government also has ties to organized crime. So all this sort of fits together in this little puzzle.

Ransomware actors have actually started targeting critical infrastructure like pipelines, meat processing. I was talking to someone who worked at Budweiser who said that the people that make their brown bottles they put beer in got hit by ransomware. They were offline for two or three weeks. All these things put kinks in the supply chain. Any sort of ransomware hacker that’s acting against the American national interest or is working to destabilize the United States actually helps the national interest of our adversaries, whether it be Russia or any other adversary.

Douglas: We’ve talked about two different levels. There’s the direct human interaction, the phishing, and then there’s this whole other level of ransomware going after the big companies.

Gardner: The initial footholds of ransomware are phishing. Hackers don’t attack firewalls anymore. We’ve done a good job of building these super deep, wide moats around our castles where our data’s housed. Social engineering is directly attacking the inside of this fortress. For example, you can be in the most secure network in the world. But as long as you click on that attachment or open that email that’s when you become compromised. From there, the bad actors can actually pivot through the network.

Douglas: It’s not hackers forcing their way in anymore. It’s somebody opening the door for them.

Gardner: They’re talking their way in. It’s an email, it’s a text message, it could even be a fax. It’s just some way of getting someone inside that organization to give access, whether that’s verbally over the phone. If you call in and pretend you’re part of that organization, and say you need to change your password, that’s a very common one too.

The people doing this are spending a lot of time studying their targets. They’re going to find out who works at the organization, who’s responsible for what, they’re looking at an org chart, they’re going to figure out what technologies are being used inside that organization based upon employment ads.

It takes a lot of time, it takes a lot of money. And in the case of ransomware gangs and other organized hackers around the world, they have money because they’re stealing it, and they’ve got time because they don’t have to ever write a report, they don’t have anyone to report to, they’re just trying to sustain themselves. They’re not worried about business processes. It only takes a defender one time to be wrong.

I think the reason we see so many compromises, you’ve got armies of these foreign countries that are using hacking as a way of destabilizing the United States of America.

Douglas: Whether it’s Russia or North Korea or China, it’s actually part of their governmental process.

Gardner: We’ve documented that. The most important thing we do now is share that information across verticals, government, private industry, people who engage in critical infrastructure, power companies, pipeline companies, water systems. These are all things that we depend on. We don’t always think about it, but they’re major targets.

Douglas: One of the aspects of Cybersecurity Awareness Month is some of the educational opportunities. What are some of those?

Gardner: We’ve got a couple of different cybersecurity programs here at Marshall. We are actually in the College of Science. We teach a very vocational, very hands-on program. That makes it different from most cybersecurity programs. You actually use the tools used in the field. We have a cybersecurity program in computer science, which we do a lot of collaboration with, and I actually teach two classes for the College of Engineering computer science cybersecurity program, as well as in our program and College of Science.

There are hundreds of thousands of unfilled positions because we can’t produce the number of graduates to fill the jobs that are needed. So it’s a growing field. It’s an exciting field. It’s high-paying jobs once you graduate. Our students go on to do exciting things.

Princeton Hospital Hit by Ransomware Attack

The FBI is investigating the hacking of the computer system at a West Virginia hospital.

Employees at Princeton Community Hospital were hit by a ransomware attack Tuesday morning and were unable to access files. It is unclear if patient records were compromised.

Hospital spokesman Rick Hypes says the hospital has established protocols for situations in which the computer system cannot be accessed, which ensured a continuation of patient care.

PCH vice president Rose Morgan says nothing is yet known about the origin of or reason for the disruption, but the hack was from an outside source. She said no one has contacted the hospital related to the hacking, which prompted users to recover files by purchasing a decryption key for $300 in virtual currency.

Malware Attack Seizes Business Owner's Files

Imagine you go to pull your social security card or driver’s license out of your wallet, and instead find a note demanding money for its return. The digital version of that scenario played out in one business owner’s computer.

Ryan Whittington owns and operates Club K-9, a dog-boarding facility in South Charleston. He was blind-sided by the Cryptolocker virus, which is a type of malicious software broadly known as ransomware.

“We checked that one customer in, come back five minutes later and our computer was turned off. Rebooted back up. When we rebooted it back up was when the cryptos come in. And we really had no idea what to do with it other than to call one of the computer shops. And they notified us that we need to contact the state police. They had us contact the FBI over it. Everybody took reports but (there’s) nothing anybody was going to do about it.”

Ransomware runs on your computer without your knowledge and encrypts your files so they cannot be opened without a key that only the attacker holds. Then you get a message demanding money in return for that key.

“With us, they were estimating it somewhere to be around $10,000 if we would have paid it, and a small business like us, we just couldn’t do it.”

Don’t Pay the Ransom

Whittington was advised by law enforcement not to pay the ransom.

Director of Information Security Services at West Virginia University Alex Jalso explains.

“It’s not advisable to pay the money because you’re paying the money to the bad guys and there’s no guarantee that they’re going to give you the information to unlock the files, or they might give you an invalid key to unlock it. Or they might give you a file which could cause further damage to your machine.”

That was true in Whittington’s case. He said a computer repair shop found a second ransomware program embedded deep in his files. The program likely would have been activated once the ransom had been paid.

But the time and money it took to restore the computer system and business files cost Club K-9 dearly — about $8,000 Whittington said.

“It’s a significant chunk of money for us. I mean you’re talking about a third of your business for a month. Basically half your business in a smaller business, I mean depending on what it is. But for our type of business, about a third of our monthly income, and that’s crippling on you.”

A Growing Problem

He isn’t alone in dealing with malicious software.

Attorney General Patrick Morrisey says his office has seen a rise in the number of complaints about computer scams and malware in West Virginia. He says at least a hundred cases were reported last year. Fourteen complaints were filed in January this year.

“And usually when you get a complaint, it’s reflective of a much bigger problem, so a kind of a rule of thumb: For every complaint that comes in there are going to be many other problems that occur but they just may not know to call the West Virginia Consumer Protection Office. So we think that this is a growing problem.”

Prevention

Morrisey and Jalso, the information security officer from WVU, agree that the best way to beat scammers is prevention. Use a robust anti-virus program. There are many available and some programs have anti-malware add-ons that can boost your protection. 

Whittington decided to go a step further. He now keeps his business files on a computer that isn’t connected to the Internet. He uses a separate machine for online ordering and email.

It’s also important in general to just pay close attention when using the Internet, Morrisey says.

“A lot of times when the spam email comes in and you don’t recognize it or it looks a little bit odd, resist the temptation to click on and be curious. Stop, pause and then call our office to enquire about it before you get yourself into a world of trouble.” 

Use strong passwords and change them often. Be suspicious of all email you receive and notices that pop up while you’re browsing. 

Jalso and Morrisey urge people to use common sense when dealing with unsolicited email. If it sounds too good to be true, it probably isn’t.

Malware Tactics

Malware writers use underhanded tactics to get people to open their files, Jalso said.

“There’s a dire warning in the body of the email: If you do not provide us this information then your service will be terminated. And a provider is not going to tell you that in an email. Or the sender’s address has two letters flipped which look really close together, like WVU, they’ll go WUV. And when you’re reading it really fast, your eyes don’t always see that slight change.”
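The flipped-letter trick Jalso describes (WVU written as WUV) can be caught mechanically. The following Python is an added example, not code from the article or from WVU: it compares a sender's domain against a trusted list and flags domains that are one edit or one adjacent swap away, that match after folding look-alike characters (a zero for an o, "rn" for "m"), or that use a trusted name as a leading subdomain. The trusted-domain list, the confusables table, the sample addresses and the one-edit threshold are assumptions chosen for illustration.

```python
"""Flag sender domains that look like, but are not, trusted domains.

Added example, not code from the article or from WVU. The trusted-domain
list, the confusables table, the sample addresses and the one-edit
threshold are assumptions for illustration.
"""

TRUSTED_DOMAINS = {"wvu.edu", "marshall.edu", "fedex.com", "amazon.com"}  # assumed allowlist

# Characters and digraphs that read like another letter when skimmed.
# Applied to the candidate domain only (assumed, deliberately small table).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"),
               ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def fold_confusables(domain: str) -> str:
    """Rewrite look-alike characters to the letter they imitate."""
    for look, real in CONFUSABLES:
        domain = domain.replace(look, real)
    return domain


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, or swap
    two adjacent characters, each costing 1. 'wuv.edu' is 1 from 'wvu.edu'."""
    la, lb = len(a), len(b)
    d = [[0] * (lb + 1) for _ in range(la + 1)]
    for i in range(la + 1):
        d[i][0] = i
    for j in range(lb + 1):
        d[0][j] = j
    for i in range(1, la + 1):
        for j in range(1, lb + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent transposition
    return d[la][lb]


def sender_domain(address: str) -> str:
    """Domain part of an address such as 'Help Desk <helpdesk@wvu.edu>'."""
    addr = address.strip().rstrip(">")
    return addr.rsplit("@", 1)[-1].strip().lower()


def classify_sender(address, trusted=TRUSTED_DOMAINS, max_distance=1):
    """Return ('trusted', domain), ('lookalike', imitated_domain) or ('unknown', None)."""
    domain = sender_domain(address)
    if domain in trusted:
        return "trusted", domain
    folded = fold_confusables(domain)
    for good in sorted(trusted):
        if folded == good:                                   # amaz0n.com, arnazon.com
            return "lookalike", good
        if domain.startswith(good + "."):                    # fedex.com.tracking-update.net
            return "lookalike", good
        if osa_distance(domain, good) <= max_distance:       # wuv.edu
            return "lookalike", good
    return "unknown", None


SAMPLE_SENDERS = [  # constructed sample input, not real mail
    "helpdesk@wvu.edu",
    "IT Support <accounts@wuv.edu>",
    "orders@amaz0n.com",
    "tracking@fedex.com.tracking-update.net",
    "newsletter@example.org",
]


def scan(addresses=SAMPLE_SENDERS):
    """Classify every address; returns (address, verdict, imitated_domain) tuples."""
    return [(a,) + classify_sender(a) for a in addresses]


if __name__ == "__main__":
    for address, verdict, imitated in scan():
        note = f"  looks like {imitated}" if verdict == "lookalike" else ""
        print(f"{verdict:9} {address}{note}")
```

A one-edit threshold on short domains will produce some false positives, so treat a "lookalike" verdict as a reason to verify through the provider's own website or app, as Gardner advises, rather than as an automatic block.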

He said the elderly and the young are particularly vulnerable to malicious software. 

“It preys on the elderly because they’re alone and they’re looking for someone to communicate with. And for kids, they just do things so fast that they miss some of the triggers that would alert them that it was a potentially suspicious piece of software or malicious piece of software that they’re going to be installing.”

Morrisey says scam victims should file a complaint with the Consumer Protection Office online or by phone as soon as possible. 

“And then we take that very seriously and also share it with some of our sister law enforcement agencies so we can detect patterns and problems that can lead to better results,” Morrisey said.

The bottom line, Morrisey and Jalso say, is to slow down, be suspicious and be alert when using the Internet.


Information from WVU’s IT Department

Malware (Malicious Software) gains access to a computer through two general methods.

  • The malware exploits a vulnerability to gain access to the computer.  This vulnerability could be in the operating system or a running application such as the web browser.
  • The malware relies on user interaction to gain access to the computer.  Examples include, but aren’t limited to, infected USB drives, infected Office documents and malicious email attachments.

Some Categories of Malware

  • Adware – Delivers advertisements to the user.  May be distributed with ‘free’ software or as part of other malware.
  • Ransomware – Holds the system or information on the system hostage while demanding payment.  May spread through infected files or like a Worm.
  • PUPs – Potentially Unwanted Programs – Software that seems innocuous but is functionally similar to other categories of malware such as adware, spyware and Trojans.  An example of PUPs would be MySearchBar.
  • Rootkit – Malicious software that operates at the system level and hides its presence from the operating system and users.  
  • Spyware – Monitors user activity.  Distributed via ‘free’ software or as a part of other malware.
  • Trojan – Disguises itself as a normal file or program.  Can provide remote access, monitor activity, and/or download additional malware.
  • Virus – Replicates and spreads to other computers by attaching itself to files, documents or programs.  Typically requires user interaction to spread.
  • Worm – Crawls through a network by exploiting vulnerabilities in the operating system.  Doesn’t require user interaction to spread.

Malware Prevention

  • Install comprehensive security software that includes a firewall and protects against viruses, Trojans and the other categories of malware listed above.   Ensure that your security software includes real-time protection and regularly scans the system for malware.
  • Keep the operating system and all software up to date – particularly web browsers and plugins such as Flash, Java, QuickTime, etc.
  • Do not use USB drives/SD Cards from unknown sources.
  • Do not download software from unknown sources.
  • Do not open attachments from unknown sources.
  • Do not open unexpected attachments from known sources without verifying with the sender.
  • Scan any attachment with your antivirus solution before opening.
  • Beware of phone calls, email or Internet pop-ups offering to help fix your computer.  Microsoft will not call you out of the blue to inform you of a problem on your computer.

Malware Removal

  • Maintain backups on a separate device or in another location BEFORE your computer is infected, crashes or breaks.  Backups, and the security thereof, are a topic for another discussion.
  • Immediately remove the infected machine from the network/Internet.
  • Perform a full system scan with your antivirus/antimalware software.
  • Do not trust USB drives, SD cards, etc. that were recently connected to the infected computer.
  • If necessary, use a ‘clean’ computer to look up malware identified by the scan and/or download removal tools from your antivirus/antimalware company.
  • Know your limitations.  If you are not comfortable attempting to remove an infection or are having difficulty removing an infection, contact a professional.
  • If necessary, restore the computer to the factory settings.
  • Once the infection is removed and your antivirus/antimalware software is fully up to date, scan all removable media.
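The first removal step above, backups taken before the incident, is only useful if you can tell afterwards which files are still good. The following Python is an added example, not code from the article or from WVU's IT department: it records a SHA-256 manifest of a file tree, stores it in a separate location, and after an incident reports which files changed, went missing or appeared, flagging changed files whose contents now have the near-uniform byte distribution of ciphertext. The directory names, sample files, the simulated incident and the 7.0 bits-per-byte entropy cut-off are assumptions for illustration.

```python
"""Backup manifest with integrity checks and a ciphertext heuristic.

Added example, not code from the article or from WVU IT. Paths, sample
file contents, the simulated incident and the entropy threshold are
assumptions chosen for illustration.
"""
import hashlib
import json
import math
import tempfile
from pathlib import Path

ENTROPY_THRESHOLD = 7.0  # bits/byte (assumed); English text sits around 4-5, ciphertext near 8


def sha256_file(path: Path) -> str:
    """Streamed SHA-256 of a file, so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 means every byte value is equally common."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_manifest(root: Path) -> dict:
    """Map each file under root (relative path) to its SHA-256."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def save_manifest(manifest: dict, dest: Path) -> None:
    """Write the manifest; dest should live on the separate device or location."""
    dest.write_text(json.dumps(manifest, indent=1, sort_keys=True))


def verify(root: Path, manifest: dict) -> dict:
    """Compare the live tree with the manifest taken before the incident."""
    current = build_manifest(root)
    report = {"changed": [], "missing": [], "new": [], "suspected_encrypted": []}
    for rel, digest in manifest.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel] != digest:
            report["changed"].append(rel)
            if shannon_entropy((root / rel).read_bytes()) >= ENTROPY_THRESHOLD:
                report["suspected_encrypted"].append(rel)
    report["new"] = sorted(set(current) - set(manifest))
    return report


def _ciphertext_like(n: int) -> bytes:
    """Deterministic stand-in for encrypted output: chained SHA-256 digests."""
    out, seed = b"", b"seed"
    while len(out) < n:
        seed = hashlib.sha256(seed).digest()
        out += seed
    return out[:n]


def demo() -> dict:
    """Constructed scenario: three business files and a manifest, then one
    file is overwritten with ciphertext-like bytes, one is deleted and a
    note appears. Returns the verification report."""
    with tempfile.TemporaryDirectory() as tmp:
        root, offline = Path(tmp) / "files", Path(tmp) / "offline"
        (root / "clients").mkdir(parents=True)
        offline.mkdir()
        (root / "clients" / "bookings.csv").write_text("date,dog,owner\n2024-01-02,Rex,Smith\n" * 40)
        (root / "invoices.txt").write_text("Invoice 1001: boarding, 3 nights\n" * 40)
        (root / "notes.txt").write_text("call vet about vaccination records\n" * 40)
        save_manifest(build_manifest(root), offline / "manifest.json")
        # Simulated incident (constructed): encrypt-like overwrite, delete, drop a note.
        (root / "invoices.txt").write_bytes(_ciphertext_like(4096))
        (root / "notes.txt").unlink()
        (root / "HOW_TO_RESTORE.txt").write_text("constructed stand-in for a ransom note\n")
        manifest = json.loads((offline / "manifest.json").read_text())
        return verify(root, manifest)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The manifest must be stored where the infected machine cannot overwrite it, otherwise the attacker's writes would simply be recorded as the new baseline; that is the same separation the article describes for the backups themselves. The entropy test is a heuristic: already-compressed files such as ZIP or JPEG also score near 8, so the manifest comparison, not the entropy value, is the authoritative signal that a file changed.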