About 40 ‘local authorities’ in TX and FL have been ransomwared over the past few weeks, as have about 400 dental practices. According to Steve Gibson’s latest show on TWIT TV, there seem to be links between the cases, in that the victims used service providers whose systems had been ransomwared.
RaaS (ransomware as a service) is becoming a bigger risk. RaaS providers sell exploits to distributors, who take around 60% of the funds stolen (usually via cyber currencies). The other 40% goes to the RaaS platform operator. Steve thinks RaaS platforms are disappearing and being re-branded.
Gibson thinks that operating systems should be more proactive in stopping ransomware from encrypting files. He suggests a white list of applications that the operating system will permit to perform encryption. I would probably add compression apps, as they render the file unusable unless the victim has the knowledge and software to decompress. It seems to me that software vendors are relying on their ‘shrinkwrap’ terms and conditions in an attempt to contract themselves out of product liability, something which would be impossible to do in most jurisdictions if they were selling hardware.
He also suggests that people should keep ransomware backups on site, in a system separate from the ‘normal’ backups used for archival and for system restoration after an event such as a fire or other failure. The idea of the ransomware backup is that it is created at least daily. I’ve been using an SSD drive with a USB-C connector to make fast backups of my workstation. When it comes to the crunch, and the ransom is demanded, many IT departments seem to opt to pay the ransom rather than bear the risks and cost of restoring the system. It seems to me that backup procedures (and restoration) will have to become far more bulletproof. Obviously this is more challenging in a real-time, transaction-based environment than when backing up a workstation. Ransom payments are funding a nasty industry.
Planning should be based on 'when' a thing happens, not 'if'.
Perhaps one option would be to run one or more front-end systems to service staff and online web transactions, and to keep mirrored offline ‘gospel’ systems in the background, periodically updating the gospel systems during the day with movement data that is believed to be good?
Gibson is coming to Dublin and Gothenburg (which he has difficulty pronouncing, i.e. Göteborg) on 24.9.2019 (GOT: 26.9.2019).