Ransomware from Stoned to pwned

Sep 26, 2016
Backup and Recovery, Cybercrime, IT Skills

When I was in the trenches as a defender I saw all manner of malicious software. The first one I ever encountered back in the late 80s was the Stoned virus. This was a simple program that was lobbying the infected computer operator on the subject of legalizing marijuana. It was spread through the use of infected floppy disks.

Years later I found myself standing in the office of one senior staff member when he received an email from a student. He also moonlighted as a university professor. The student professed her love for him and he was moved by the moment and clicked open the email. I lurched forward in a vain attempt to stop him, but the damage was already done.

I had no idea what the email was, but I instinctively knew that it wasn’t good. Much to our chagrin we discovered that this was the day that the Love Bug virus was unleashed on the Internet. That was a long day.

Later in my career I found myself managing the antivirus systems for an enterprise. When I rolled out a fresh enterprise deployment from $AVcompany I discovered that there were dozens of systems on the network that had either ancient installs of antivirus software or, in several cases, none at all. It was amazing that there had been a half-assed approach to managing the install base.

Flash forward to today and we see that malicious software has gone from being an abject annoyance to a criminal enterprise. Ransomware is the new vogue for online criminals. Why? Because it is working for them. The concept is simple. A piece of malicious software infects a person’s system and then encrypts files or, in some cases, the entire hard drive. Then a demand is posted to pay an amount of money via bitcoin to recover the files. Some have paid this ransom, which has fueled the resolve of the criminals and allowed the attacks to continue.

All is not lost for the infected victims. In a lot of cases there are decryptor tools available for folks to rescue their files. This is possible in large part thanks to the work of security researchers who have been able to reverse the malicious software. A noble endeavor.

How can you combat this sort of threat? Well, having a sound backup strategy is a strong first step. I have worked in many environments over the last twenty-five years, and in some environments there was a backup process for some key servers, but in only one did I find a backup plan for laptops and desktops.

If you have the files on your system backed up you will be able to recover in the event that your system is compromised. This doesn’t mean you should run off and buy a removable hard drive and back up your work system. Engage with your IT department at the office. For a personal backup this helps, but be sure to encrypt it just in case it goes missing at some point.

Love it or hate it, having up-to-date malicious software defenses such as antivirus products will help to reduce the risk. Of course this is not an ironclad guarantee by any stretch of the imagination, but it is better than a swift kick in the nethers.

The simple thing to remember: if you’re not sure about something, do not click it. Received an invoice from a company you have never heard of? Then it is likely it isn’t what it appears to be. Also, be sure to keep a keen eye on the websites you are visiting. Is it CSOonline dot com or CSOnline dot com? Two very different results.

When we look at the trajectory of malicious software from the Stoned virus in the late 80s to the ransomware of today, we see that the annoyances of the past have become the tools of criminals today.


Dave Lewis has over two decades of industry experience. He has extensive experience in IT security operations and management. Currently, Dave is a Global Security Advocate for Akamai Technologies. He is the founder of the security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast.

The opinions expressed in this blog are those of Dave Lewis and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.
