Speaker Key: PB: Phil Brown, DW: David Whelan
PB: Hi, it’s Phil Brown and I’m here with David Whelan. Today we are going to talk about ransomware.
DW: Ransomware is an attack that has been around
for quite a while, and it is really what it sounds. It is a mixture of
the word ransom and software. It is software that will do something to
your device, your computer, phone or tablet, and then requires you to
pay a ransom in order to get it back to where it was before.
PB: Ransomware is not new; it has been around for a few years and I guess technically would be classed as a type of malware.
DW: Right. It just seems to have gotten very popular in the last six to eight months and I think part of what has happened is that people have developed ransomware kits, just like when you would build models when you were a kid, that are available for sale. If you have the money, you can buy a kit and implement it or tweak it, and make it your own. Or you can just use it out of the box and infect people’s computers with the ransomware software.
PB: They are not all the same so you cannot stop it with just one particular malware blocker built into your system.
DW: Right, and we have talked on other podcasts about being wary where you click. This is a really good example of being wary where you click and where you visit because it is a piece of software that has to be downloaded. In order to get CryptoLocker or SimpleLocker or one of the other ransomware applications on your device, you would have to be doing something proactive to make it
PB: They can be disguised in a simple email in a
number of different ways. We recently spoke to someone who had one
disguised as what looked like an emailed fax.
DW: Right, and when he clicked on the fax to open it, “Bob was your uncle”.
PB: His entire hard drive, perhaps not the entire
one but certain types of documents were encrypted, and the only person
who had the key was whoever was at the other end of that ransomware
DW: Right. And they are pretty pernicious - they will go through your entire hard drive and encrypt all the files. They tend to be what is called “network aware” so that if you are connected to a network, even if you just have an external drive that you connect to over the network, or it is plugged into your laptop, it will go through and encrypt all of those files too. Then, if any of those files are synchronized up to the Cloud, this synchronization to Dropbox or whatever will upload the newly encrypted file and replace your open file. So everything you have will be locked down by this
PB: So chances are, if you had a Cloud-based
backup as your only backup, and this infected your computer and was
network aware, there is a very good chance that the entire backup for
your firm could be encrypted.
DW: If you think you have clicked on something and
started the transfer process, then one of the things to do is
disconnect yourself from the network so you limit yourself to whatever
damage is happening on your local drive. If you have a good backup of
your documents or the files that it is encrypting, then you can
probably just throw those encrypted files away. In other words,
reinstall your operating system, reinstall your applications and then
pull the files from your backup over and you won’t have to pay for the
PB: Right. Let’s talk a little bit about paying
for the ransomware because we know that a number of people have been
paying for the ransomware for quite some time.
DW: Yes, the ransomware is interesting. I think it is very interesting to think of them not as evil-doers behind masks with little hoodies sitting in their mom and dad’s basement, but as business people. What happened with the original ransomware is that once it was installed on computers, the people whose files had been infected did not have enough time to figure out how to pay. The files were being wiped out and the ransom people were losing money, so they said “Hey, this isn’t working. We’re going to move from a three-day window to a seven-day window because we want to give these people enough time to pay.” It is tricky and not just a matter of getting out a credit card and walking down the street to pay. In most cases you have to pay using something called “bitcoin”. This is an encrypted money that exists only on the internet.
PB: Right, and typically, with some of the ransomware that we have heard about, they are looking for $300-400 US converted into bitcoin.
DW: So it is a matter of figuring out how to pay, getting the money to the right place, buying the bitcoin and then transferring it. Once you have transferred it you will receive a key that allows you to unlock and decrypt all of the files that have been
PB: And desktop computers are not the only devices that are vulnerable.
DW: Right. It is very interesting because a lot of these ransomware will get around your antivirus and malware software, so you need to keep those up-to-date anyway. If it does get around your software then you will need to look for a way to unlock. Some devices, like Android devices, have downloads available, for example Avast SimpleLocker. Avast is an antivirus tool but it also has a way to unlock the SimpleLocker ransomware. That is the sort of thing you will have to do. Although, the first thing is, you should really be proactive about locking down your computer to block the software from getting there in the first place. There are sites like foolishit.com which has a free download and will make some sub changes to your Windows computer so that if the CryptoLocker is ever downloaded it is not able to execute.
PB: Right, and earlier this year there was also a hole exploited in the “Find My iPhone” app with iPhones.
DW: Yes, that is an interesting one, a problem
masquerading with ransomware. Someone got a hold of a bunch of iCloud
accounts from some Australian iPhone users and probably just figured
out what their passwords were or otherwise how to gain access to their
accounts. They logged in, set their phones as being lost, and then sent
them a message over the screen. They were able to totally control the
phone without actually downloading any software; they were just using
software built into the iPhone. Those people just had really poor
passwords so they were subject to this attack.
PB: Right, and they could not really do anything with their phone other than wipe it, start forward, or pay somebody I suppose.
DW: Yes, and those people were pretty reasonable too. I think they only wanted about $100.
PB: Now, again, the message here is to think before you click.
DW: Yes, and with ransomware you really need to plan in advance. It is not even enough to just do training to make sure that you are thinking about it and aware that it is happening. You really need to plan in advance and make sure that your anti-malware software is up-to-date. You may also want to consider whether you have a firewall turned on and whether it is watching for these sorts of things. You will want to make sure that you are aware of tools that will block things like CryptoLocker from downloading. The good thing is that security experts think that we are sort of past the big blowup of ransomware and that we are moving on to other, different attacks that still will put your information at risk, but ransomware is hopefully something that will just be bubbling on the horizon rather than the big issue it is right now.
PB: Right, so I guess one of the parting messages
would be that even if you know the source of the email and it purports
to be from someone you know, you should still ask yourself, “Was I
expecting any sort of attachment from this person?” or “Why would this
person be sending me a link to go to a particular website?”.
DW: Right. And if you end up on a website where
you really ought not to be, and I am not suggesting that anyone go to a
porn site but those tend to be common sites that are exposed this way,
and click on an advertisement or something on one of the sites, you may
find that that has done the damage and downloaded the ransomware.
PB: Right. So anytime you are out there looking at
untested sites and something odd is happening on your computer, it is a
good idea to disconnect from the network. That is our look at
ransomware. Thanks very much David.
DW: Thanks Phil.