The Ransomware Scare - practical tips to protect yourself

24.06.19 07:50 AM By Matt Koopmans

Ransomware is creeping into business and government systems seemingly unimpaired by the counter measures they put in place. Antivirus and malware protection are not a luxury, but they can only keep up with the newly released infections, at best. The weak point remains the user as entry point, and system architecture as the point of propagation of the infected code. Josh Fruhlinger wrote an excellent article "The 6 biggest ransomware attacks of the last five years" for CSO. As there is money to be made - ransomware is not going away anytime soon.

Ransomware - a business model

Sometimes I still receive an email (correctly identified as spam), with the sad news that my long lost uncle has passed away in Nigeria, and the helpful lawyer is instigating the process to transfer the 20 million dollars of inheritance to my account. If only... well, that is where I stop reading - it is in the spam folder anyway. The number of people falling for this trick is declining rapidly. It always was a numbers game - send enough messages like this, and there will always be one UI (jargon for Useful Idiot) taking the bait. However, the hitrates are declining, and there is no guarantee that the UI has any money to swindle off in the first place.

In comes ransomware - the model is simple: get a computer infected with malware at a corporation or government institution, let it spread, and lock up the files (all files) with a virtually unbreakable encryption. For a significant sum of money, the decryption key can be purchased - money that is not something you'd spend without blinking, but a significant lower cost than losing all the documents. To add pressure, the perpetrators usually invoke a time clause - which if lapsed, increases the required funding.

Breaking the business model

Because it is a business, there are cost and risk analyses performed on a daily basis. As criminal as their activities are, these ransomware perpetrators are anything but dumb. The cat and mouse game between them and law enforcement is played perpetually - the perpetrator one step ahead.

If you find yourself infected, pending the severity of the loss of data, you may be tempted to pay the ransom and get the decryption key. While there is no guarantee that the key works, or that you'll even receive one (chances are you will, as when the word spreads that when you pay up you'll be left hanging, the model is broken - nobody will part with their money). However, when you do pay up, and you get your files back, you have actively proven the business model - it works, and part of the proceeds will go to developing even more sophisticated ways to help us part with our money (and we can only speculate what other causes are funded with the rest of the loot). Not paying breaks the model, but you are still without your data - you may have averted victory to your opponent, but you have suffered significantly more damage - in the analogy of boxing, you have lost on points. You must keep your defense up.

The best way not to lose a war

The cat and mouse game will go on forever. Measures for protection are introduced, and now holes in the security are found and exploited. In particularly with Microsoft Windows based systems, this is a battle without end. Why single out Windows? Two reasons - the first is the most obvious - when well over 90% of the worlds desktop computers run Windows, it is offering the greatest number of potential infections. Just like the "uncle in Africa" scam - it is a numbers game. We have to protect ourselves against every threat all the time, they only need one UI. The second reason has to do with the history of Windows itself, its architecture and security implementation. Certainly, Microsoft has made great progress in making Windows more secure than ever. And they have raised the bar, but coming from a very low point.

MacOS is a bit different. It has significant enough market share to be interesting, and viruses and malware are released for that platform. However, the internal workings of MacOS X, which is based on BSD, is very different to that of Windows. MacOS keeps running stable longer than Windows, and it has a better security implementation.

Then there is Linux - very popular in servers, as well as IoT devices and mobile phones (Android is based on Linux) - it is the most widely used operating system in the world - but on the desktop, a mere few percentage points. There are viruses and malwares targeting Linux, but their numbers pale in comparison with Windows. And mostly they are targeted at the non-desktop use of Linux (it is a numbers game - why would you invest in something that so very few people use on the desktop?). The architecture in Linux is also very different to Windows - users must give explicit permission for programs to run, and then they only run within that isolated area - it is not so simple to affect the actual operating system with malware in Linux. So the best way not to lose a war, is to step aside, and leave the battlefield. The battlefield is called Windows. On MacOS and Linux, there are mere skirmishes.

Why people cannot switch

There are a few reasons why people cannot make the switch to Linux - and the more users you need to switch, the more likely it is that a portion of these users use a program that is only available on Windows. Or your business software, in which you have invested significantly over the years, will not be available on Linux. 

For small businesses, and solopreneurs, these usually do not apply. And with cloud software running on any operating system, any device, more and more larger businesses can look at evaluating the benefits of a switch.

Ease of use has often been touted as a reason to steer clear of Linux. True - advanced users will tout the terminal (command line) as the best and most efficient way to get things done. Compare these users to the ones that use PowerShell in Windows - you can do just about everything you need to do in the graphical desktop environment - just like you can in Windows. And drivers? Linux has these built in - no need to hunt for these online.

What's more, you can try before you buy - or even, try before you install. Most Linux distributions come with a "live image" - a bootable image that runs the entire operating system without installing.

If you want to know more about how Linux could be useful in your business, contact me via the button below, and book a free session to discuss the possibilities.

Contact us for your freeLinux assessment