No reported WannaCry ransomware attacks at Miami

By Cathy McVey, information technology services

Miami faculty and staff can take a deep breath. There have been no reported instances of WannaCry ransomware attacks on any university-owned computers.

What made Miami so lucky when businesses around the world were clearly affected? According to Joe Bazeley, it’s not luck, it’s following standard security processes. And what kind of esoteric tools does Bazeley use? Software patches and regular backups.

Patches: Your best friend

Microsoft releases monthly patches with updates to the Windows operating system. IT technicians test each release and push it out to all University-owned computers. Bazeley says he received a heads-up that the March patch was particularly urgent and that, without the fix that patch would provide, the level of risk was high. That warning came from a government agency called US-CERT that monitors the cybercriminal world and shares its intel with security professionals.

The new Vulnerability Management System Bazeley had installed earlier this year is another tool that checks to be sure all computers on Miami’s network have their patches installed. But there are exceptions, Bazeley shares. “Some computers on campus cannot be upgraded to the most recent and secure operating systems. These are often connected to highly specific lab or research equipment, and we design extra layers of security to ensure they stay as safe as possible, too.”

Backups: Your next best friend

Backups are another key strategy. Make regular backups to Google Drive, to a USB (thumb) drive, or to an external hard drive. (Be sure to disconnect a thumb drive or hard drive from your computer after the backup completes. Otherwise, it will be encrypted along with everything else.) If you are the victim of a ransomware attack, you can simply restore your files from your backup instead of paying the demanded ransom.

“We are always monitoring the network for unusual activity,” explains Bazeley. “If your computer is being attacked we may very well pick up the unusual activity that means your data is being encrypted and squash the attack before you even know it’s going on.”

Typical ransomware victims

Although the cases we heard about in the news were all large organizations, small businesses and individuals are the biggest targets for ransomware attacks. Both tend to have lots of important information stored on their computers, with little formal security. When information like our tax records, payroll and family photos is ransomed, a $200 payoff may seem more than reasonable. It’s certainly easier than trying to rebuild those records or explain to Aunt Bessie why you don’t have any pictures of her.

Who is behind this?

While we don’t know exactly who is responsible for WannaCry, we do know that many ransomware attacks originate in Russia and Eastern Europe. Under Soviet rule, lots of resources were spent educating technical people. But since the demise of the USSR, many smart, tech-savvy people have found themselves without jobs.

That is where modern-day organized crime comes into the picture. Recruiting (or coercing) the technical experts and surrounding them with a robust organization has proved to be a winning business model. They may only make $200 from each “transaction,” but they rely on volume to generate the level of income they expect.

“Their customer service rivals what we expect from companies like Apple,” jokes Bazeley. “They have call centers staffed with friendly people who are more than happy to walk you through how to buy and transfer the bitcoin payment they require. Then they will provide you with the key to unencrypt your data, walking you through that process as well.”

Takeaways for all of us

A few simple steps can make it difficult for a ransomware attack to get to your data:

  • Keep your operating system as current as possible.
  • Apply patches sent from the operating system’s creator.
  • Back up your data.

For more information about ransomware, check out the recent US-CERT article or this public service announcement from the FBI.