
3 Possible Security Breaches That Could Explain How Media Prima's RM26 Mil Hack Happened

Earlier this week, news reports surfaced online about a cyberattack on one of Malaysia’s largest media companies. According to insider accounts, Media Prima—owner of TV3, NTV7, Fly.fm, and New Straits Times—was hit by a ransomware attack.

For the benefit of those unfamiliar with the terminology, a ransomware attack is one in which a computer, or a whole network of computers, is infected by malicious software called ransomware.

Akin to holding your computer hostage, ransomware takes files and documents, oftentimes ones holding important and sensitive information, and encrypts them so that you cannot access them unless you satisfy the demands of whoever sent the ransomware, hence the "ransom" in the name.

In the case of Media Prima, the ransomware allegedly encrypted a large part of their email systems, and the attackers demanded 1,000 Bitcoins (circa RM26.4 million) before those systems would be made accessible again.

So in an era where so much of our information is kept online, I thought it timely to examine the attack on Media Prima.

Even with little detail to go on, save for the fact that it was mostly a compromise of their email systems, we can still speculate as to how this ransomware attack might have taken place, and what could have been done to prevent it. Here are three of the most likely starting points for a ransomware attack.

1. By Downloading Them Onto Your PC

Just as with a computer virus, a large number of ransomware infections start with an error on the part of the user. The unfortunate part is that it really isn't as simple as saying no to ill-intentioned software and leaving it at that.

Oftentimes, ransomware propagates through emails, pop-up ads, and other links that you click online. In theory it may be easy to say, "I'll be smart about it and not click on stuff that I shouldn't", but there are moments when even the most savvy internet user may fall prey to cleverly concealed links designed to download a dangerous file onto their computer.

This is how CTB-Locker (one particular type of ransomware) propagates. Although methods of spreading may differ between ransomware families, the principal channels are largely the same / Image Credit: Trend Micro

There are two main methods by which ransomware can enter your computer through a download. The first is phishing emails that attackers carefully craft to sound convincing to users who are not as careful.

These emails carry attachments disguised as Word files, zip files, PDFs, or other formats in everyday use. The attachment contains embedded code, such as an Office macro or a script, that downloads and runs the ransomware as soon as the file is opened (or, for a macro document, as soon as the user clicks "Enable Content").
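The disguises described above (a decoy extension like invoice.pdf.exe, a macro-enabled document, a declared type that does not match the bytes) can be caught before a user ever opens the file. The following is an added example, written for this article and not code from Media Prima or any vendor named here; the extension lists, the sample message and its attachments are this example's own constructed assumptions. It builds a three-attachment phishing message and runs each attachment through a triage check.

```python
# Added example (not from the article): triage e-mail attachments for the
# disguises described above. Extension lists are this example's assumptions.
from __future__ import annotations

import email
import os
from email import policy
from email.message import EmailMessage

# File types that run code when opened: executables, scripts, macro-enabled Office.
RISKY_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".js", ".jse", ".vbs", ".vbe", ".wsf",
    ".hta", ".bat", ".cmd", ".ps1", ".lnk", ".jar", ".docm", ".xlsm", ".pptm",
}
# Harmless-looking "inner" extensions used as decoys, e.g. invoice.pdf.exe
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
ARCHIVE_EXTENSIONS = {".zip", ".rar", ".7z", ".iso"}


def triage_attachment(filename: str, payload: bytes) -> list:
    """Return the reasons an attachment looks like a dropper (empty if none)."""
    root, ext = os.path.splitext(filename.lower())
    inner_ext = os.path.splitext(root)[1]
    reasons = []
    if ext in RISKY_EXTENSIONS:
        reasons.append(f"extension {ext} runs code when opened")
    if ext in RISKY_EXTENSIONS and inner_ext in DECOY_EXTENSIONS:
        reasons.append(f"double extension {inner_ext}{ext} hides the real type")
    if payload[:2] == b"MZ":
        # Every Windows executable starts with the 'MZ' DOS header, whatever
        # the file is called or what Content-Type the sender declared.
        reasons.append("payload is a Windows executable (MZ header)")
    if ext in ARCHIVE_EXTENSIONS:
        reasons.append("archive: unpack and triage the contents too")
    return reasons


def triage_message(raw_message: bytes) -> dict:
    """Map each suspicious attachment name to its list of reasons."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        reasons = triage_attachment(name, payload)
        if reasons:
            findings[name] = reasons
    return findings


def build_sample_phish() -> bytes:
    """Constructed sample message (not a real capture) with three attachments."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "staff@example.invalid"
    msg["Subject"] = "Overdue invoice - action required"
    msg.set_content("Please see the attached invoice and report.")
    # An executable disguised as a PDF: decoy extension AND a lying Content-Type.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="pdf", filename="invoice.pdf.exe")
    # A macro-enabled Word document (OOXML files are zip containers, hence 'PK').
    msg.add_attachment(b"PK\x03\x04" + b"\x00" * 60, maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="Q3_report.docm")
    # A plain text file that should pass untouched.
    msg.add_attachment("Nothing to see here.\n", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in triage_message(build_sample_phish()).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

The point of the MZ check is that a mail gateway should trust the bytes, not the name or the declared Content-Type; the double-extension check matters because Windows hides known extensions by default, so the user sees "invoice.pdf".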

Another way ransomware can gain a foothold on your computer is through drive-by downloads. These usually happen when a user lands on a compromised website and has malicious software downloaded onto their system without asking for it.

In this scenario, offenders take advantage of websites with glaring security vulnerabilities and insert malicious code into them, or simply redirect visitors to a different site that they fully control. Once users arrive, an exploit kit probes their browser and plugins for known flaws and, if it finds one, runs the attack in the background without the user doing anything further.

The Fix:

To put it simply, there really isn't a better way to avoid these threats than to navigate the web smartly. The biggest weapon attackers currently have in these attacks is the lack of awareness when it comes to identifying dangerous emails or websites.

As cliché as it may sound, it helps to always be cautious when visiting unfamiliar websites or opening emails that sound suspicious.

For companies that provide an email suite to their entire staff, it pays to use one from a reputable provider that scans attachments and filters phishing before mail reaches the inbox, such as Gmail, and to have executable and macro-enabled attachments blocked or quarantined at the gateway rather than left to the recipient's judgement.

2. Through A USB Stick

Another way ransomware can spread is by plugging in an infected USB stick.

While this isn't as prolific as phishing emails and drive-by downloads, malicious software lying dormant on an external drive and striking at an opportune moment has been documented in the past.

The thing to be wary of with modern-day ransomware is its ability to copy itself (as hidden files) onto removable disks once it is already on a system.

This happens after the ransomware has already made its way onto a computer, and what happens next is as you'd expect: the copies infect the other PCs they are plugged into, and each newly infected machine in turn tries to propagate through whatever avenues it can (email, other removable disks, and so on).
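The hidden-copy behaviour described above leaves a recognisable footprint on the stick itself: hidden executables, an autorun.inf at the root, and shortcuts named after real folders that launch the payload. The following is an added example written for this article, not code from the article or any product it mentions; the drive layout it builds is constructed in a temporary directory and the extension list is this example's assumption. It walks a drive and reports those three patterns.

```python
# Added example (not from the article): inspect a removable drive for the
# hidden-copy pattern described above. The layout it builds is constructed.
from __future__ import annotations

import os
import tempfile

EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".ps1", ".dll"}
FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows attribute bit; a dot prefix covers other systems


def _is_hidden(path: str) -> bool:
    if os.path.basename(path).startswith("."):
        return True
    attrs = getattr(os.stat(path), "st_file_attributes", 0)  # only present on Windows
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN)


def scan_removable(root: str) -> list:
    """Return (relative path, reason) pairs for suspicious items under root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        parts = [] if rel_dir == "." else rel_dir.split(os.sep)
        # Anything inside a hidden directory counts as hidden too.
        in_hidden_dir = any(
            _is_hidden(os.path.join(root, *parts[: i + 1])) for i in range(len(parts))
        )
        for fname in filenames:
            full = os.path.join(dirpath, fname)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            stem, ext = os.path.splitext(fname)
            ext = ext.lower()
            if dirpath == root and fname.lower() == "autorun.inf":
                findings.append((rel, "autorun.inf at the drive root"))
            if ext in EXEC_EXTENSIONS and (in_hidden_dir or _is_hidden(full)):
                findings.append((rel, "hidden executable"))
            if ext == ".lnk" and os.path.isdir(os.path.join(dirpath, stem)):
                # Classic USB worm trick: a shortcut named after a real folder
                # that launches the hidden payload before opening the folder.
                findings.append((rel, f"shortcut shadows folder '{stem}'"))
    return findings


def build_sample_drive() -> str:
    """Constructed drive layout mimicking an infected stick (contains no real malware)."""
    root = tempfile.mkdtemp(prefix="usb_")
    os.makedirs(os.path.join(root, "Photos"))
    os.makedirs(os.path.join(root, ".trash"))
    with open(os.path.join(root, "Photos", "holiday.jpg"), "wb") as f:
        f.write(b"\xff\xd8\xff")          # JPEG header, an ordinary user file
    with open(os.path.join(root, ".trash", "svchost.exe"), "wb") as f:
        f.write(b"MZ")                    # stand-in for the hidden payload
    open(os.path.join(root, "Photos.lnk"), "wb").close()
    with open(os.path.join(root, "autorun.inf"), "w") as f:
        f.write("[autorun]\nopen=.trash\\svchost.exe\n")
    return root


if __name__ == "__main__":
    for rel, reason in scan_removable(build_sample_drive()):
        print(f"{rel}: {reason}")
```

Run it against a real mount point (for instance `scan_removable("E:\\")` on Windows) before opening anything on an unknown stick; on a clean drive the list comes back empty.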

The Fix:

Having strong antivirus software is key to preventing malicious software from attacking your system through an external drive. Sometimes it helps to go the extra mile and install a security suite that has a firewall in addition to antivirus detection, especially if you know that you'll be plugging external drives in and out frequently. Beyond that, disabling AutoRun and AutoPlay, so that nothing on a newly inserted drive starts by itself, closes this channel far more reliably than scanning alone.

3. Remote Desktop Protocol

Remote Desktop Protocol (RDP) was created to allow IT admins in corporations to access other computers remotely for the purpose of configuring them or even using them outright. As use cases for this feature have grown over the years, so has the propensity for hackers to abuse it for their own gain.

Without getting too technical, RDP requires an open port on your computer (TCP 3389 by default) through which an admin can connect. When that port is reachable from the internet, your computer is effectively advertising itself as having an entry point for others to use.

Hackers can locate these systems using specialised search tools such as Shodan.io, and once they identify one, they gain administrator access using brute-force tools that try enormous numbers of password combinations within short periods of time.

Once they're in, the hackers have full control of the machine and can launch the ransomware themselves. Their control over the victim's machine makes the attack even more damaging: they can disable security applications and delete Windows backups and shadow copies, making it harder to recover important information and thus more likely that the victim ends up paying the ransom.
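A brute-force attempt of the kind described above is loud in the Windows Security log: a burst of failed logons (event ID 4625) with logon type 10, the type RDP sessions use, from a single source address, followed, if the attacker succeeds, by a 4624 success from the same address. The following is an added example for this article, not code from Media Prima or from any tool the article names; the event records are constructed, and the threshold of 20 failures in 60 seconds is this example's own choice. It groups events by source IP, slides a window over the failures, and reports any burst together with whether a successful logon followed it.

```python
# Added example (not from the article): spot an RDP brute-force burst in
# Windows Security log events. The events below are constructed, not real.
from __future__ import annotations

from collections import defaultdict
from datetime import datetime, timedelta

# Windows event IDs and the logon type RDP sessions use
LOGON_FAILED = 4625
LOGON_SUCCESS = 4624
REMOTE_INTERACTIVE = 10  # LogonType 10 = RDP (RemoteInteractive)


def build_sample_events() -> list:
    """(timestamp, event_id, logon_type, account, source_ip) tuples, constructed."""
    t0 = datetime(2018, 11, 8, 2, 0, 0)
    guesses = ["administrator", "admin", "guest", "backup", "scan"]
    events = []
    # 25 failed RDP logons from one internet address in under a minute,
    # cycling through common account names, then a success on "backup".
    for i in range(25):
        events.append((t0 + timedelta(seconds=2 * i), LOGON_FAILED,
                       REMOTE_INTERACTIVE, guesses[i % len(guesses)], "203.0.113.45"))
    events.append((t0 + timedelta(seconds=55), LOGON_SUCCESS,
                   REMOTE_INTERACTIVE, "backup", "203.0.113.45"))
    # Two mistyped passwords from an internal workstation: normal behaviour.
    events.append((t0 + timedelta(minutes=5), LOGON_FAILED,
                   REMOTE_INTERACTIVE, "jsmith", "10.0.0.12"))
    events.append((t0 + timedelta(minutes=5, seconds=20), LOGON_FAILED,
                   REMOTE_INTERACTIVE, "jsmith", "10.0.0.12"))
    events.append((t0 + timedelta(minutes=5, seconds=40), LOGON_SUCCESS,
                   REMOTE_INTERACTIVE, "jsmith", "10.0.0.12"))
    return events


def detect_rdp_bruteforce(events, threshold: int = 20,
                          window: timedelta = timedelta(seconds=60)) -> dict:
    """Return {source_ip: details} for IPs with >= threshold RDP failures in any window."""
    by_ip = defaultdict(list)
    for ts, event_id, logon_type, account, ip in sorted(events):
        if logon_type == REMOTE_INTERACTIVE:
            by_ip[ip].append((ts, event_id, account))
    alerts = {}
    for ip, evs in by_ip.items():
        failures = [(ts, acct) for ts, eid, acct in evs if eid == LOGON_FAILED]
        # Slide a window over the failure timestamps; alert on the first dense burst.
        for start in range(len(failures)):
            end = start
            while end < len(failures) and failures[end][0] - failures[start][0] <= window:
                end += 1
            if end - start >= threshold:
                burst_end = failures[end - 1][0]
                # A success after the burst is the "they got in" signal that matters most.
                success = next((acct for ts, eid, acct in evs
                                if eid == LOGON_SUCCESS and ts >= burst_end), None)
                alerts[ip] = {
                    "failures": end - start,
                    "accounts_tried": sorted({acct for _, acct in failures[start:end]}),
                    "success_after_burst": success,
                }
                break
    return alerts


if __name__ == "__main__":
    for ip, details in detect_rdp_bruteforce(build_sample_events()).items():
        print(ip, details)
```

The internal workstation with two failures never trips the rule, while the external address does; in a real deployment the same logic runs over events forwarded from every RDP-enabled host, and a burst followed by a success should page someone immediately, since the next step the attacker takes is exactly the one the article describes.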

The Fix:

Now, while I'm no networking expert myself, I've looked around and found that one of the most commonly recommended protections against attacks through RDP is for network admins to always use complex, high-strength passwords that are much harder for brute-force tools to crack. Passwords alone, though, only slow an attacker down; the stronger fix is not to expose RDP to the internet at all, reaching it through a VPN instead, and to turn on account lockout so that a brute-force tool is stopped after a handful of failed guesses.

Equally important is keeping systems updated with the latest security patches. Remember those Windows updates that seemingly arrive every few days? Best to have them installed as soon as you can.

We have reached out to Media Prima for clarification, and will update this piece with relevant information, if provided. 

Feature Image Credit: Intelligent Computing