Worried about ransomware - simple defenses.
Ransomware has been rearing its ugly head again on the news lately, and it's little surprise. It's a scary prospect to lose all your files, whether they are your family photos or your business data. Watching the news, it's also quite scary how behind the 8-ball people are with regard to IT security.
To understand how to defend yourself, one must first understand how you will be attacked. The nature of ransomware is that it arrives in a file, mostly via email, but through other routes as well. The file contains a macro, which is a small program intended to make the file easier to use. Word macros are popular: they can be used legitimately to populate data in a form, or to make the process of writing a standard letter easier. All sorts of businesses use them legitimately and without much consideration. Other word processors, spreadsheets and presentation software also contain similar programmable aspects. The macro in this file downloads and installs another piece of software which encrypts your files. The rest is pretty much an automated attack.
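Since the attack described above hinges on a macro hidden inside an ordinary-looking document, one cheap defensive check is to look at an attachment's bytes and flag anything that can carry a macro before it reaches the computer with your valuable files. The script below is an added example, not code from the original post; the sample files it classifies are constructed in-line and are not real documents.

```python
"""Flag e-mail attachments that can carry a macro.

Added example, not from the original post. It inspects a file's bytes:
Office Open XML files (.docx/.docm/.xlsm/.pptm) are ZIP containers, and a
macro-enabled one ships its VBA project as word/vbaProject.bin (or xl/...,
ppt/...). Legacy binary Office files (.doc/.xls) are OLE2 compound files and
are flagged outright because macros cannot be ruled out without full parsing.
"""
import io
import zipfile

OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"  # OLE2 compound file header
VBA_MEMBER_SUFFIX = "vbaproject.bin"


def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'legacy-office', 'office', or 'other'."""
    if data.startswith(OLE2_MAGIC):
        return "legacy-office"          # .doc/.xls: treat as macro-capable
    if not data.startswith(b"PK"):
        return "other"                  # not a ZIP, so not OOXML
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return "other"
    if "[content_types].xml" not in names:
        return "other"                  # a ZIP, but not an Office package
    if any(n.endswith(VBA_MEMBER_SUFFIX) for n in names):
        return "macro"                  # VBA project present: block or sandbox
    return "office"


def _build_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML-shaped ZIP, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00constructed")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in [("form.docm", _build_ooxml(True)),
                        ("letter.docx", _build_ooxml(False)),
                        ("old.doc", OLE2_MAGIC + b"\x00" * 16),
                        ("notes.txt", b"plain text")]:
        print(f"{label}: {classify_attachment(blob)}")
```

The check keys on the file's contents rather than its extension, so renaming a `.docm` to `.docx` does not hide the VBA project from it.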
Defence against a ransomware attack can come in a number of ways. Thinking about how we use email, and how people operate, can make us safer. In order to conduct any attack against any person, the attacker tries to dehumanise the victim first. Email attacks make this easier, as the attacker can, and will, send out many attacks at once. It's then a numbers game to see how many mugs will accept the attack. An attack is not personal to the attacker, but it is to the victim.
One option is to redirect the attack to a less attractive target. One way of achieving this is to remove the mail program from the computer holding your more valuable files. There are already many pieces of advice telling people not to open suspicious emails. However, pragmatically this will not work. Attackers pose as your HR department, suppliers, and other legitimate sources. If we questioned every form that landed on our desk we would never get anything done. If emails don't arrive on the computer that your valuable files are on, then when an attack occurs there is a better chance that they will be safe. So consider separating the computer that stores your files from the computer that you use for communicating.
Use a second computer for communications (email, messenger, internet browsing, social media etc.). This allows you to see what people have sent you, and to open emails with more confidence. Most attacks rely on a compliant operating system. Opening one's mail on a Chromebook, an iPad, or an Android tablet would allow you to view the contents of files relatively safely. Most forms can be filled in and returned safely. Even if an attacker encrypted everything on your tablet or Chromebook, you would still be able to shrug off the loss much more easily than if you had all your files on the same computer. The second advantage of this is that most attacks still focus on a computer running Windows. The attack will not happen on an iOS, Android or Chrome device, as the macro simply won't run there. The risk here is that if the file is then transferred to your main Windows PC it will still cause mayhem. If you do use a second computer to answer your email and perform the first handling of files, then you should also consider how you transfer files between your computers.
Make greater use of cloud services. By using Dropbox, iCloud, Amazon or Google Drive, you instantly get a whole team of experts backing up and handling the file security for you. At the very worst, you should be able to recover a file back to an unencrypted version. The recovery may be a bit painful, but at least it will be possible, and maybe easier with other services or backup capabilities. Some are better than others, and the best specs don't mean a damn if you don't use the product. Have a look at the options that are open to you, and use them.
Look at how you send and receive files. I know plenty of people who still send most of their forms and other correspondence in Office (Word) format. Convert your thinking and habits a little to make yourself a little harder to attack. More importantly, make yourself a lot harder to blame if the hoax email comes from you. Office files are fantastic if you are collaborating on a document which needs both content and style. If you don't need to collaborate on content, consider a text file. If you don't want others to alter your work without you knowing, consider a PDF file. If using a form, think about websites. SurveyMonkey and Google Forms are great for collecting data, and the best bit is they will even collect the answers in a spreadsheet for you. If you want the receiver of a letter to not be able to mince your words, then send a PDF. A Word document is easy to change. Even better if you can digitally sign the PDF. This defence option is less about not getting attacked and more about not being the attack vector, which is a bit like getting immunised to increase the 'herd immunity'.
Think about your company communications strategy. If you are in a large organisation, does your HR team need to send those all-user emails? Could most things wait until the end of the week to go into a general manager's all-staff bulletin? What would make people suspicious of an email coming from HR? What are the consequences for a suspicious employee rejecting a genuine email from HR? What happens to incoming emails from outside the organisation - can they be opened in a virtual machine which checks for virus activity? Would it matter if emails were delayed by a minute or three? Ransomware and other malicious emails rely on the lack of a face to convince people to take actions. How can you make it easy to be suspicious? How can you make it hard to be gullible?
Ransomware has been in the news a bit recently, and it is a frightening concept. It is important to stay critical and mindful of emails, but also to allow ourselves and others the space and ability to be critical. It's easy to tell ourselves, and each other, to be critical of the emails we receive but when we continue to use email as an impersonal tool we are perpetuating the very behaviours that an attacker relies on.