How we can arm ourselves against ransomware

WUR ransom drama prevented

Marc Verstraaten

Human carelessness is often the weakest link in a system. Plus the people working at WUR tend to be a particular type

Here at WUR, we work with sensitive data such as financial data, personal details and significant research data. Cybercriminals would love to get their hands on that data, for example by using ransomware. It is therefore important to make sure the data is properly protected. That was not the case in a recent incident at Wageningen.

Marc Verstraaten (29) describes himself as a dyed-in-the-wool IT guy. The kind of guy who has been tinkering with computers from a young age and who once enjoyed jailbreaking iPhones — hacking them to install software that hasn’t been approved by the manufacturer. Minor stuff compared with what real hackers get up to, the people he has to fight off these days as a network engineer and cloud solution architect at WUR.

Ethical hacking was a key component of his degree. In a laboratory environment, he was taught how to hack into systems. Because if you want to keep criminals out, you need to learn how they operate and find out about the weak points in a system. The weakest link in any system is often human carelessness.

Plus the people working at WUR tend to be a particular type: investigative, innovative, very independent, sometimes verging on the stubborn. They are not interested in rules, protocols or a helpdesk where they can go if they have problems installing a program. They can manage on their own. After all, the software says ‘plug and play’. So it must be a piece of cake, especially for a scientist.

Photo: Anne Reinke

Sensitive data

This usually goes well. But sometimes it goes very wrong indeed. And that can result in the gateway to a system full of sensitive data being left wide open for months. That is precisely what happened this year with a virtual computer system that was being built. Verstraaten: “They wanted to build an application using a Microsoft platform in the cloud. To put it in IT terms, they had spun up a VM [virtual machine, ed.]. To do that, you use a bigger computer located somewhere else, at Microsoft in this case. Of course that virtual machine uses the Internet and because you’re using the Internet, that means the Internet can use you.”

For non-IT readers, what the hackers essentially do is not very different from the old burglar’s trick of using numbered keys. If a hacker has found your door and they see that lock, they know they can get inside. In the specific case of the VM hack, the hackers used a database with various user accounts and passwords. One of those credentials turned out to give them access to the virtual machine.

Photo: Anne Reinke

The hacker did what most hackers do: once inside, they made themselves an administrator, after which they could do whatever they wanted. They also looked for other usable credentials. In many cases that will result in the system being hijacked with ransomware, whereby the data owner no longer has access to the data. The computer is only released again after the owner has paid a ransom (usually in bitcoins). When Maastricht University suffered a ransomware attack in December 2019, it eventually had to pay about 200 thousand euros as a ransom.

This ‘hijack’ was discovered when the researcher could no longer access the VM because it was encrypted. As luck would have it, there was not yet any data on the VM in this particular case so the hijack was pointless. Even so, Verstraaten sees this as a good example that WUR can learn from. “Think about the basics before you start a platform. Make sure not everyone has access as it won’t automatically have high-level security. The risk of the current possibilities in that area is that any researcher can buy a platform like that with their credit card. It’s really easy to put together but the vendor passes on all responsibility for keeping it secure to the purchaser.”

Researcher Bert Klandermans is experimenting in the playground

It’s very easy working in the cloud but that’s the danger

Photo: Shutterstock

The moral of this story? No, don’t call it a moral — Verstraaten isn’t keen on the wagging finger. “We want to give researchers the freedom to build something themselves because they know exactly what they need. But it’s good if the IT department is involved from the start. The IT people have been working in this field for years, unlike the researchers. The scientists see the opportunities but not the dangers. As an IT guy I want to assist them and say to them: look, you can use this technology but you need to watch out for such and such.”

The pandemic has made demand for cloud platforms really take off, says Verstraaten. “After all, you can’t just drop into the university’s data centre any more. Now we have created a playground to help researchers set up their own safe environment. Researchers can decide themselves who gets access and who is responsible for security. The playground has a protective layer, as it were, but the users still have a lot of freedom to make their own choices. Researchers are encouraged to innovate but are shielded from making errors. I am convinced that this can really boost innovation.”

Do you want to know more about the options for working safely in the cloud?

The Cloud Centre of Expertise (CCoE) was set up to help WUR staff make use of cloud technology. If you have questions about this or want some help or advice, you can contact Marc Verstraaten or Floris-Jan Zwaan. You can also create a ticket for the IT Service Desk addressed specifically to the CCoE. They will then contact you via the ticket. You can also find more info about CCoE here.