Rather than seeking to give the attacker remote control of systems or exfiltrate data that can be sold or used for nefarious purposes, ransomware is a product for profit.
Over the past few years, LBMC has partnered with leading law firms to discuss the technical and legal issues revolving around ransomware. In 2020, For cybersecurity experts, how to protect organizations from threat actors looking for the least path of resistance through vulnerable systems is an interesting but uncomfortable conversation. In order to stay ahead of emerging threats, cybersecurity specialists work to predict the future and hope that their predictions don’t happen.
In regards to ransomware, LBMC has predicted eight separate ransomware product enhancements that may occur in the future. Our number one prediction (and fear) was a ransomware variant that would self-propagate internally (i.e. wormable).
For those of us that were in cybersecurity in the early 2000s, wormable malware such as MSBlaster, Code Red, and SQL Slammer inflicted extreme damage and kept cybersecurity experts on their toes. While LBMC has predicted this type of attack for some time now, we have maintained hope that it would never come to fruition. Unfortunately, on Friday May 12th, 2017, such an attack did indeed materialize.
As you may have seen on the news, a massive worldwide ransomware cyber-attack quickly spread across more than 70 countries. This ransomware attack by the variant known as WannaCry is making unprecedented headlines from NBCNews, FoxNews, and CNN– because unlike previous ransomware variants, it is “wormable” (which means that it can spread by itself, without requiring users to pass it on to other systems) and has the ability to infect an entire network from the inside.
For many of us, this is reminiscent of MS Blaster or SQL Slammer, but the impact is much greater. This “Wormable Ransomware” is something the cybersecurity community has feared for years, and unfortunately it looks like it has finally materialized. Impacted organizations are those that have failed to implement Microsoft’s MS17-010 patch which was released by Microsoft to close holes that were publicly disclosed during Shadow Brokers’ public release of stolen N.S.A. hacking tools. As LBMC Security has been advising clients, proper patching is essential.
For those wondering what they can do to insulate their organizations against attack, download the Ransomware Checklist that LBMC has developed that includes a series of steps to help protect organizations against ransomware attacks such as these.
For additional guidance or assistance with ransomware, please contact LBMC’s Bill Dean at (865) 862-3051 or bill.dean@lbmcstage2.webservice.team.
Content provided by LBMC cybersecurity professional, Bill Dean.