Ransomware on the rise, how can you protect yourself?

What is Ransomware?

“Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.” ^[1]

What does this mean?

Essentially, an attacker can lock you out of access to the majority of your system and the only way to re-gain access to your file/devices is by paying a ransom to the attacker via methods such as Bitcoin. These attackers use cryptocurrency for payment as these make it near impossible to track the attacker. Without access to the decryption key (the key to unlock the encrypted files) your files are rendered inaccessible. These attackers are often located in jurisdictions in which Canada/U.S.A. cannot extradite/charge these individuals.

How are these attacks executed?

• Phishing Emails.
• Visiting suspicious websites which can unknowingly download files to your device.
• Web-based instant messaging platforms.
• Directory Traversal Attack via vulnerable web servers.

Ransomware on the rise

As a society we reap the benefits of an ever growing digital world, however, we must learn how to properly protect ourselves from increasingly more advanced digital attacks. Covid-19 in particular has exacerbated the issue as attackers are taking advantage of the drastic increase in individuals whom participate in an increasingly digital world. In fact, it is reported that “ransomware attacks have increased 40% to 199.7 million cases globally in Q3 of [2020].” ^[2] This increase in Ransomware attacks means that more individuals/corporations are being targeted and this could be you! In fact, Ransomware has affected the institution in which you currently attend this class. The University of Calgary was subject to the “SamSam Ransomware” attack that took place in May 2016, which concluded with the school paying $20,000 to the attackers to retrieve access to infected files. ^[3,4]

The Log4Shell Golang “TellYouThePass” exploit

What is Log4Shell and Golang?

Log4Shell

On “9 December 2021, the zero-day vulnerability in the ubiquitous Java logger Log4j 2, known as Log4Shell” was discovered. ^[5] A zero-day vulnerability is a vulnerability which was unknown to security experts prior and which there is no solution/patch to fix said vulnerability. This particular attack method was discovered on the Java version of Minecraft, and Google has confirmed that there is over 35,000 Java packages globally which utilize Log4j 2. ^[5] This method of attack was considered serious of enough to gain a 10/10 critical rating and nearly 1 million attacks were attempted just 3 days after the vulnerability was exposed to the public. ^[5] This attack was serious enough that “Check Point researchers also recently revealed a global average of 40% of corporate networks have seen Log4Shell exploitation attempts in the first few days of the vulnerability’s disclosure.” ^[5] It is evident that this attack can be disastrous for those who use applications with vulnerabilities and for those who produce these applications with said vulnerabilities.

GoLang

GoLang (Go) is a very powerful cross-platform programming language written by Google in 2007. ^[7] When languages are not cross-platform then an application must be developed using different sets of tools depending on the operating system. Go has been gaining popularity increasingly fast and is even considered one of the top 11 programming languages according to one of the best Computer Science programs in the world, Berkeley University. ^[7]

What is this particular exploit?

While most attacks/vulnerabilities are local to one operating system, this attack in particular can target those using Windows and those using Linux operating systems. ^[6] This attack has revived the TellYouThePass exploit but now using Go as the source language the attacks are written in. ^[6] While it may seem like the same attack at the surface by using Go the attackers can re-use the vast majority of the code in multiple operating systems. This portability allows the attackers to infect a larger user-base without putting in more effort.

The Go version of the TellYouThePass attack goes further than the original attack by obfuscating data involved. ^[6] Obfuscation is a technique which generates essentially meaningless names for functions/files involved. By doing so the ability to reverse engineer (or work your way back from the end of the attack to the start in order to understand the route of attack) is greatly hindered. Hindering the ability to understand the attack hinders the ability to patch it as well, leaving more victims available.

What is the significance of this exploit?

Growing prevalence of a zero-day attack means that more individuals are targeted and thus subject to the fines in order to retrieve access to their network/devices. Attackers require a payment of 0.05 Bitcoin to gain the decryption key, this is roughly $2100 USD. ^[6] This is quite a hefty sum to pay if you want to access your personal data. With so many applications utilizing Log4j 2 it is extremely difficult to keep these services and yourself protected. This cost could potentially leave your or those you know in dire financial strain as your choice is either paying or be unable to use your computer./devices. With online activities becoming more prevalent this could mean the inability to do the job you’re hired at, coursework, communicate with family/friends, and much more.

What can you do to protect yourself?

• Ensure to update your machine regularly. This ensures that potential fixes to vulnerabilities within your operating system are applied before you become a victim.
• Only use trusted software. Before running or installing a program ensure to research the program and verify that it is legitimate.
• Update trusted software regularly. Ensure that you keep your software updated. Updates/patches are often pushed to fix security issues.
• Keep up-to-date with new vulnerabilities. You can do this by utilizing websites that report on computer security, such as BleepingComputer.com
• Ensure your security/firewall is active and updated. In modern computing simple but powerful Antivirus software can handle a majority of security risks. Something like Windows Defender is more than enough for regular usage. You should also occasionally run Malware scans.
• Browser Security. By installing add-ons you can increase your browser security exponentially. While it may take an adjustment period it will greatly benefit you. Personally in Firefox I use uBlock Origin, HTTPS Everywhere, NoScript, Decentraleyes, and Privacy Badger.

References

• https://www.cisa.gov/stopransomware ^[1]
• https://www.kratikal.com/blog/ransomware-attacks-increase-to-40-in-q3-2020/?utm_source=Ransomware%20Reminding%20Cyber%20Security%20Experts%20It%20Still%20Exists&utm_medium=Kratikal%20Blog&utm_campaign=Blog ^[2]
• https://www.cbc.ca/news/canada/calgary/university-calgary-ransomware-cyberattack-1.3620979 ^[3]
• https://calgarysun.com/news/crime/two-iranian-men-charged-by-fbi-in-ransomware-scheme-that-led-u-of-c-to-pay-20000 ^[4]
• https://www.itpro.co.uk/security/zero-day-exploit/361819/what-is-log4shell-log4j-vulnerability ^[5]
• https://www.itpro.co.uk/security/ransomware/361965/ransomware-rewritten-golang-to-target-windows-linux-users ^[6]
• https://bootcamp.berkeley.edu/blog/most-in-demand-programming-languages/ ^[7]
• https://i.ytimg.com/vi/rAOPpz5r3wM/maxresdefault.jpg ^[8]
• https://www.kaspersky.com/content/en-global/images/repository/isc/2021/ransomware.jpg ^[9]
• https://upload.wikimedia.org/wikipedia/commons/thumb/2/2f/Google_2015_logo.svg/1200px-Google_2015_logo.svg.png ^[10]
• https://images.moneycontrol.com/static-mcnews/2021/01/Bitcoin-1-770×433.jpg?impolicy=website&width=770&height=431 ^[11]
• https://www.splunk.com/content/dam/splunk2/en_us/images/campaigns/log4shell/log4j-attack-diagram-r3.jpg ^[12]