Hidden Threats: Stranger Things and Ransomware

We all want to protect ourselves from threats, in our personal lives as well as in our jobs and businesses. Ransomware is one of the biggest threats right now to both personal and business data, and organizations and their insurance companies are paying big ransoms to get their data back. The scariest part of ransomware is that your systems may already be infected without you knowing it.

What does this have to do with the hit TV show Stranger Things? Set in the 1980s, Stranger Things is about ominous threats lurking just beyond the notice of the residents of the fictional town of Hawkins, Indiana. If you haven’t seen this horror/sci-fi TV series from Netflix, I recommend it. Also, if you haven’t seen it:

*STRANGER THINGS SPOILER ALERT* 

In the first season, the seemingly innocuous Hawkins National Laboratory is performing secret and inhumane experiments on human subjects, and a doorway is opened to a strange and deadly alternate dimension. In season two, the other-dimensional “demogorgons” have dug a series of tunnels under the town and its unsuspecting residents. In season three, a secret Russian military base is discovered right under Hawkins’s new shopping mall.

As a native of Indiana, a ‘Hoosier’, and someone who turned 13 years old the year the first season takes place (1983), I can definitely appreciate the themes presented in Stranger Things, especially the Dungeons and Dragons gaming and the existential threat of the Russians. In 2019, our threats can come from anywhere, including foreign powers like Russia. There are too many ransomware threats to name, but some of the more prominent have been WannaCry, Petya, NotPetya, LockerGoga, and Ryuk. Despite some of these having been around for years, most are still actively infecting systems.

One of the most sinister things about these ransomware attacks is that they can infect a system and lie dormant for weeks or months before becoming activated. Infections are most often caused by phishing attacks with email attachments. They may lie dormant because the attacks combine multiple malware components designed to spread the attack further through the system before activating.

One factor that is making it easier for attacks to spread is the increasing number of devices being added to our networks in the form of IoT devices. Smart devices of nearly any type have the potential of carrying malware onto a network. Often these devices, even devices as seemingly innocuous as smart TVs, are added to the networks without any management or oversight, making them added points of vulnerability.

So, you might already be infected, or you might be infected in the future. If you do get hit, your data is at serious risk. Getting the encryption keys to retrieve your data is going to take more than Dusty Bun singing “Neverending Story” to Suzie Poo. Organizations are paying real ransoms of hundreds of thousands of dollars, and that is only part of the recovery cost. Think of all the lost productivity and downtime incurred, and all the time needed to get systems back up and running once you do get the data back.

What can you do about it? The first thing is to make sure your systems and data are backed up. The better the backups, the better the chance of recovery. The more recent the backups, the less data you will lose when ransomware strikes. This is all Disaster Recovery 101 advice, but the truth is that a lot of organizations do not back up all their systems and data, and those are the most vulnerable to ransomware.

Make sure you have the right kind of system, one that can be recovered as easily as possible. With the right type of virtualized systems, infected virtual machines can be reverted to pre-ransomware snapshots and be up and running within minutes. This might not be possible if the hypervisor itself gets infected, so check which hypervisors are most vulnerable. The most commonly used operating systems tend to be targeted the most, and with those systems it is important to stay on top of security patches.

There are also active protection solutions like Acronis backup that detect when ransomware starts affecting files and can walk back the malicious actions taken against your data. Recovery is great, but active protection is even better.

As in Stranger Things, threats are often close by whether we can see them or not. Combining a solution like Acronis with an easily recoverable virtualization platform like Scale Computing HC3 can give you peace of mind in a time when the question is WHEN you get hit rather than IF you get hit by ransomware.