The Backstory
When I finished my Master of Cybersecurity program in 2017 I started teaching at the University of Arizona. While researching for the Active Cyber Defense class I ended up on a lot of email and phone lists for cybersecurity vendors. THEY saw "University of Arizona," assumed I'd be a deep-pocketed customer, and called me.
Why You Should Care
After the vendors heard I wasn't a buyer for the UofA they were disappointed. Then I'd ask how they were serving small businesses. You know what they said? We don't sell to Small and Medium Businesses (SMBs). Not because SMBs aren't targets; the data breach reports say SMBs are the MOST vulnerable. The reason the vendors gave me was that it's not lucrative enough. That made me mad. So, I found a way to serve SMBs. Specifically, dentists. A lot of my friends are dentists, so it just made sense.
The Problem
In 2012 one of our local clinics (not a CyberEye client at the time) got ransomware. It cost her $10,000 in bitcoin to the criminal and a lot of driving to Phoenix. One of the latest attacks in Sierra Vista resulted in a ransom demand of well over $1,000,000. And did you know the ransom payments most likely aren't deductible as a business expense? So not only is it getting more expensive, but (if that wasn't bad enough) drug cartels and terrorists have realized they can make more money with less risk by using the Ransomware as a Service (RaaS) platform to fund their human trafficking activities. If you don't understand the "as a Service" model, think of your Google Drive. That's an "as a Service" model. The cost of the ransom and the frequency of the attacks are increasing exponentially. Research also shows that even if you pay the ransom, 40% of victims don't get the decryption key. And for those who do get a key, it doesn't work. No honor among thieves.
The US Treasury Department has said it will fine businesses that pay the ransom, because it's often a sanctioned country that attacked you. Those fines are in the millions. The Department of Health and Human Services Office for Civil Rights will fine you if you are a medical provider. It's a minimum of $150,000 BESIDES the ransom. Not to mention the estimated $132,000 in breach notifications, incident response, crisis management, AND the IT support to clean up your computers. These are some of the reasons why the majority of SMBs close their doors after an attack.
The Current Solution
It's not good. If antivirus and firewalls were enough, why would you keep hearing about ransomware attacks? I'll illustrate with a story. During the summer, we love to use our smoker on the back porch for ribs and chicken. Delicious! But while cooking I have to go in and out the screen door. Sometimes flies sneak through while the door is open. Once inside, they are pesky. I imagine them coming into the house after just visiting a pile of dog droppings somewhere in the neighborhood (maybe they do, or maybe it's just a fear I have), then landing on my freshly smoked chicken. The one on my plate with BBQ sauce dripping all over. I don't like that. But I can't squash them while they're on my food. So, I wait. I have to wait for them to land on a surface where they can be killed, and the surface sanitized.
Malware is like the flies: highly pathogenic and hard to locate until it lands on a surface. For malware, that surface is the computer hard drive. That is the only place antivirus can see it. Like flies in the air, malware that is only resident in memory is impossible for antivirus to detect and eliminate. Even when antivirus does see it, there is a small probability it fails to flag it as malware even when it is.
The Better Solution
Once our children left the “needy” stage of childhood, my wife was missing that “small-creature-needs-to-be-cuddled” time, so, nearly two years ago, she bought a dog. He is a really cute, black Schnauzer-Poodle mix and super smart. I mean, cleans-up-his-own-toys, smart. His name is Chase. He’s the only dog we’ve ever owned that will fetch and return a ratty toy–over and over and over. He is so much fun, so obedient, and he came already potty trained! For those who’ve ever had to house-train a dog, you understand what a HUGE benefit that was.
On Christmas morning, we were all opening presents, when my wife noticed that the snowman wrapping paper on one of my gifts had the wrinkly once-been-wet look. She wondered out loud who had spilled water on it. I, on the other hand, only cared what was beyond the wrinkled paper and the underlying cardboard box.
A few days later, The Mrs. discovered, recurring in random places throughout the house, what appeared to be squirts of dog urine. Yep, Chase the Puppy has now entered manhood, marking his territory IN THE HOUSE!
What WAS a well-behaved and beloved furry family member has devolved into an uncouth urine monster. Where he once ferociously observed the potty-in-the-yard rule, his hormones, which are beyond his control, have established (for him) new house rules. His hormones have weaponized him.
He now has an appointment to have his urges surgically altered, but we still have a week before the blessed event. For the next week, he will live in a spacious, black metal cage devoid of objects desirable enough to mark, with ample access to the dog door. We will shrink his access to the rest of the house. He will be “Firewalled.”
Like our sweet boy-dog Chase, computer programs normally behave as we want and expect; however, they too can be weaponized. That’s how malware works. Once it becomes a resident on your computer, it will repurpose previously benign built-in programs for nefarious purposes, similar to our previously benign dog being weaponized by his hormones.
There are many programs on a Windows computer that can be weaponized. Those weaponized programs will connect to the internet and download additional malware, causing havoc on your network, like Chase's hormones causing havoc in the house. One of the most popular programs for malware to weaponize is called PowerShell. With access to PowerShell, malware can literally do anything it wants, just like what Chase can do around the house without any restraints.
Similar to the temporary solution of the metal dog cage, where Chase will no longer be able to roam the house wherever he wants, one simple way to temporarily limit the damage a weaponized PowerShell can cause is to create a firewall rule blocking it from communicating out to the internet. There is only one permanent “fix” for these weaponized programs: Ringfence™ them. Ringfencing™ will “neuter” a weaponized program, making it impotent for malicious purposes but still allow it to perform its daily function.
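The temporary "cage" described above, as an added example that is not part of the original post or CyberEye's own tooling: it creates outbound Windows Firewall block rules for the 64-bit and 32-bit Windows PowerShell executables at their default install paths and then lists the rules so you can confirm they took effect. It assumes an elevated (Administrator) PowerShell session and the built-in NetSecurity cmdlets present on Windows 8/Server 2012 and later.

```powershell
# Added example (not from the original post): outbound firewall block for
# Windows PowerShell, the temporary "cage" until a permanent fix is in place.
# Assumes default install paths and an elevated (Administrator) session.
$powershellBinaries = @(
    "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe",   # 64-bit host
    "$env:SystemRoot\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"    # 32-bit host
)

foreach ($exe in $powershellBinaries) {
    # Only create rules for binaries that actually exist on this machine
    if (-not (Test-Path $exe)) { continue }

    $name = "Block outbound - $exe"
    # Make the script safe to re-run: skip if the rule is already there
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { continue }

    New-NetFirewallRule -DisplayName $name `
        -Direction Outbound -Action Block -Program $exe `
        -Profile Any -Enabled True | Out-Null
}

# Verify: show each rule together with the program path it is bound to
Get-NetFirewallRule -DisplayName "Block outbound - *" |
    ForEach-Object {
        $app = $_ | Get-NetFirewallApplicationFilter
        [PSCustomObject]@{
            Rule    = $_.DisplayName
            Program = $app.Program
            Enabled = $_.Enabled
            Action  = $_.Action
        }
    }
```

The rules are keyed to the executable path, so add a matching rule for any other PowerShell install on the machine (for example PowerShell 7's pwsh.exe), and once the permanent fix is in place remove them with `Remove-NetFirewallRule -DisplayName "Block outbound - *"`.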
Chase will be temporarily "Firewalled" in the cage until he can be professionally "Ringfenced™" by the veterinarian. With regard to the computer, it's important for someone (i.e. your I.T. support) to take immediate, temporary firewall measures until a permanent solution can be put in place by professionals.
Only a veterinarian, a specialist, can safely and permanently alter the reproductive organs of our beloved pet. Like a veterinarian, we at CyberEye are your specialists to properly Ringfence™ all the potentially weaponizable tools on your Windows computer. We've spent years figuring it out. So you can focus on treating patients.