What is Ransomware?
Ransomware is a piece of malware that will attack/lock your files, and display a ransom note asking for large amounts money. If you don’t provide payment, your data will likely be destroyed. If you shudder when you hear ‘Cryptowall’ or ‘Cryptolocker’, then you probably know a lot about this type of scheme.
The Ransom:
On Friday the 25th; The San Francisco Municipal Transportation Agency was surprised to see the message “You Hacked, ALL Data Encrypted” with the demand of 100 bitcoins to release the encrypted files (equivalent to $73,000).
The Quick Response:
Fortunately, they promptly turned off the ticketing systems to ensure the ransomware didn’t spread across the network simultaneously allowing free rides to subway users. According to the SMFTA website, they were finally able to restore most of their systems from unaffected backups (the attack affected close to 900 computers) and no user data was compromised. They continue to work with the Department of Homeland Security and FBI to ensure the virus is fully contained and removed from the system.
The Culprit:
According to Hoodline News, the attack used a variation of the HDDCryptor, aka “Mamba” which effectively rewrites the computer’s Master Boot Record. The MBR is responsible for querying the first sector of the hard drive to find out how to boot the OS. If this is removed, you can’t boot into Windows, thus cannot access your files.
How to Stay Safe:
1. Keep an offline, or cloud based, backup of your systems. This way, when you run a system restore, you can make sure you’re using only files that are ‘clean’.
2. Use a strong combination of staff education, software, and hardware security measures.
Note: Most of TDI’s technical services involve the types of security that would be best suited for protection. Such as Secure Network Engineering, Secure Systems Engineering, Secure Software Development, System Hardening and more.