It’s really terrible when an ordinary person gets hit by ransomware. Our daily lives have become dependent on our use of PCs and mobile smartphones—especially those iPhones. Imagine checking your prized device for the most recent update on your life, your work, your emails, your socials, your images, your contacts, your financial details, your calendar, and finding you cannot unlock your screen. Like, at all. What you get instead is a message that says: Pay us $1,000 worth of bitcoin if you ever want to use your phone again. Scary, right? Sure, you could just buy a new phone for less, but are you willing to lose everything in that device?
Now imagine what happens when a big corporation’s computers get hit by ransomware. They have a lot more to lose. Way more money is at stake and possibly millions of people will be affected. Unfortunately these days, that happens all of the time. This new ransomware attack story is worrisome indeed. So the perfect question right now is, did the company do everything they could to prevent the cyber attack?
Why should we really worry about ransomware?
As reported before, ransomware is a terrible type of malware that’s becoming a bigger and bigger problem for everyone all over the world. Your PC and phone could get it, your Internet of Things (IoT) devices like your Amazon Echo or Google Home could get it, and big corporations and institutions get it too. Cyber attackers use ransomware to encrypt all of your files, essentially to scramble them with a secret code that only the cyber attacker has. They’ll show you a message on your device telling you to send them lots of money or else you won’t be able to use your device ever again. Sometimes paying their ransom works, and sometimes cybercriminals think, “I got their money, that’s all I care about. Ha!”
According to Datto’s 2018 Global State of the Channel Ransomware Report, 99% of managed service providers, companies which handle the cybersecurity for other companies, have seen Windows ransomware. 9% of managed service providers have seen ransomware on Macs, 8% have seen ransomware on Android, and 5% have seen ransomware on iPhones and iPads. And ransomware on Android devices, Macs, iPhones, and iPads is becoming more and more common. When ransomware hits an individual consumer, cyber attackers may demand thousands of dollars, and when it hits big companies, cyber attackers usually demand more than $10,000.
What happened to Media Prima?
When ransomware hit the email servers of Media Prima on November 8, cyber criminals demanded 1,000 bitcoins. As of this writing, 1,000 bitcoins is worth $4,560,180 U.S. dollars. Yes, over four million dollars. That’s a really enormous ransom, even for a big corporation! What’s worse is on the day of the attack, 1,000 bitcoins were worth about $6.45 million. The value of cryptocurrencies like bitcoin fluctuates wildly.
Media Prima is a Malaysian corporation that’s described as a “leading fully integrated media company with a complete repertoire of media-related businesses in Television, Print, Radio, Out-of-Home Advertising, as well as Content and Digital Media.” So they have television stations, magazines, and news websites. They’re a major player in the media industry in that part of the world.
When a reporter contacted Media Prima about the incident, their representative said, “Thank you for the questions. It is with regret (we have) to inform you that we decline to comment on the questions.” But an anonymous source within the company said, “Our office email was affected, but we have migrated to G Suite (Google productivity applications.) They (the attackers) demanded bitcoins, but we are not paying.”
Could Media Prima have prevented this attack?
Some people suggest that Media Prima could have done more to have prevented terrible cyber attacks like the ransomware that hit their computers earlier this month. An email security expert said, “The hygiene factors for securing an organization’s email system revolve around passwords, access, firewall, anti-virus, anti-spam, security policies, and server updates. Of course, there are just too many areas to talk about when running security but these are must do areas when running any server as they revolve around protecting the server and educating users. It is embarrassing for Media Prima that this has leaked out but it is not uncommon to happen, in my experience, but other organizations have managed to keep it away from public exposure.”
It isn’t publicly known what type of ransomware attacked Media Prima or how cyber attackers were able to succeed in infecting the company’s email system. But most of the time, ransomware is able to attack its target through an internet port that allows computers to remotely control other computers like Windows’ Remote Desktop Protocol, or through phishing with a malware email attachment or a link to malware on the web. Phishing is when a cyber attacker uses a fake email, text message, social media message, or website to fool someone into clicking on their link, downloading their malware file, or giving them sensitive information such as passwords. Most of the time they pretend to be a trusted, legitimate entity like a bank, a utility company, Google, or Amazon.
It’s possible that Media Prima didn’t properly secure and monitor their internet ports, and it’s also possible that they didn’t train their employees well enough to not be fooled by phishing attacks and to not open anything from someone they don’t know.
Can anyone offer advice for the future?
Yes. Chia Nam Liang of Pikom, the National ICT Association of Malaysia, has advice for companies who want to avoid the type of ransomware attack that crippled Media Prima in the past. He warns, “Ensure your backups of critical servers and applications are in place and secure. Preferably, there should be a minimum of two types of backups, one online and one offline. While online backups are convenient and fast, there are cases where the malware can also infect the online backups, hence the need for offline backups. Backups are almost the only way to recover from a bad ransomware attack.”
Essentially, he’s saying companies should keep extra copies of all of their files on multiple disk drives that are both on a network and not on any networks. Backups on an internal network can be used for quick file recoveries, while offline backups may be the last resort if cyber attackers are able to reach the online backups too. He further warns, “Most hacker attacks and not just ransomware can be traced to privileged credentials or passwords being compromised. If possible, change all admin or privileged passwords immediately, especially for critical servers and applications. If at all, there is a hacker still lurking within your network, this will foil and delay their attempts.”
So, even if a password is really complex—like a twenty character random string of letters, numbers, and symbols, generated by a password manager—a cyber attack will render all your passwords unprotected. Your personal code will need to be changed immediately because if the attacker gleans the password, it is possible they will try it on multiple accounts—and the likelihood is, they will come up a winner on a least a few. You know it’s true. So, come up with new, really complex passwords. As Chia Nam Liang tell us, “Unless an organization has a dedicated cybersecurity team that monitors constantly, it is likely that no one checks the logs of critical appliances. Get the team to immediately check the logs for suspicious activities.”
What should I remember?
Companies and institutions have devices in their networks that record every little thing that happens to their computers and to their networking appliances such as firewalls. Those records are called logs. A company that is smart about cybersecurity will constantly monitor their logs, catching a cyber attack as it occurs or even beforehand. Better log monitoring will make it more difficult for cybercriminals to be successful with their cyberattacks, just as old-fashioned criminals find it more difficult to rob convenience stores that have constantly monitored cameras.
Hopefully, there will be more news reported in the future about what happened to Media Prima. Even if you don’t work for a company with a big network, some of this advice can be applied to your personal computer and phone use. You can back up your desktop, laptop, and phone’s files to an external hard drive that you keep at home. You should do that at least one per week. You should also use antivirus software on every device you have that can tell you if a cyber attacker tried to send you ransomware. Also, you should never click on a link or download a file from someone you don’t know. Even if they say they are Apple or Netflix, it could be a cyber attacker who is imitating the look of their websites and email addresses in order to trick you.