The WannaCry ransomware attack that spread around the globe yesterday caused chaos at hospitals, manufacturing shutdowns, and countless other mission-critical businesses and critical infrastructures around the world. What could be part of the solution is to open only emails from trusted senders. To eliminate those risks we need digital trust.
What does ransomware do?
There are different types of ransomware. However, all of them will prevent you from using your PC in a normal way.
Ransomware is a form of malware that infects victims’ computers, encrypts their content, and issues a demand that the victim pays a ransom to the attacker in order to regain access to their content.
The WannaCry ransomware attack demanded that you need to pay money (a “ransom”) to get your access back. There is no guarantee that paying the fine or doing what the ransomware tells you will give access to your PC or files again. Unlike many other kinds of attacks, which may primarily target individuals, ransomware is often directed at organisations because the payout is higher. In many cases, with day-to-day operations on the line, it is often cheaper to pay the ransom than attempt to combat the attack or wait on law enforcement to assist.
(Click to enlarge) This graph shows just how many types of encrypting malware researchers have discovered in the past 10 years.
How does it spread?
Cyber criminals simply look for the easiest way to infect a system or network and use that back doors to spread the malicious content. Most ransomware is spread hidden within Word documents, PDFs and other files normally sent via email, or through a secondary infection on computers already affected by viruses that offer a back door for further attacks.
Though the infection phase is slightly different for each ransomware version, the key stages are the following:
- Initially, the victim receives an email which includes a malicious link or a malware-laden attachment.
- If the victim clicks on the link or downloads and opens the attachment, a downloader (payload) will be placed on the affected PC will download the ransomware.
- The ransomware starts to encrypt the entire hard disk content, personal files and sensitive information.
- A warning pops up on the screen with instructions on how to pay for the decryption key.
(Click to enlarge) Simple ransomware infection chain
What could be (part of) the solution
No one solution or practice can solve the problem. There is no one solution that is 100% effective in mitigating the risk of ransomware. The development of tactics and tools by the criminals is extremely fast to target and victimise users. The ransomware development community is very agile in countering defences introduced by security vendors. It is a highly dynamic situation where attackers are rushing and manoeuvring to maximise financial returns. They will look for easy victims, targets with value, and even work to exploit new technologies in order to keep the money flowing in their direction.
One cornerstone of these attacks is identity deception, the criminals’ way of establishing trust with their intended victims. As anyone who has received an email containing a virus from a strange address knows, emails can be easily spoofed. The identity of the sender is very easy to forge via email. You look at the envelope and think you assume who it is from, but you’re mistaken.
All successful ransomware attacks feature identity deception at their core. They spoof the identity of a trusted sender, and entice a victim to take a dangerous action.
What could be part of the solution is to open only emails from trusted senders. To eliminate those risks we need digital trust. The sender can attach a digital signature to the email, to provide assurance to the recipient that he/she—not an imposter—signed the contents of the email message. The digital signature, which includes a digital certificate and public key, originates from the senders’ digital identity. The digital identity provides verification of the sender’s authenticity, thereby helping to prevent message tampering.
(Click to enlarge): Validate digitally signed messages
A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender’s identity.
AET’s solutions provide the next-generation of security software that enables trust and confidence. With SafeSign IC you can place both advanced as qualified digital signatures. ConsentID and BlueX can be used to issue and use certificates complying with the digital signature legislation.
This post was previously placed on the website of AET Europe.
Note: If the digital certificate process is not secure, attackers can create fake signatures or misuse authentic signatures, bringing the system—and potentially the organisation—into disrepute.