Jul 9, 2017

Quarantine may be the answer to ransomware

DLA Piper's 3,600 attorneys work in 40 countries, making it one of the world's largest law firms. One of those countries is Ukraine, which on June 27 placed the firm on the front lines of one of the most penetrating commercial cyberattacks ever: Petya. When it hit, it took down DLA Piper's global computer systems, which appear still not to be fully back up. But DLA Piper was only one of hundreds of thousands of victims of the malware in more than 60 countries.

Can't artificial intelligence protect us? AI and machine learning are now crucial to protection (see below). But when it comes to malware like Petya, that will be too late — your data and your entire hard drive will already be encrypted. Petya victims lost much of their stuff to eternity.

But there is other protection: On the day of the attack, Microsoft published a blog post and a video describing new protective software, buttressed by machine learning capability. Called Windows Defender Application Guard, it should prevent Internet terrorists, at least for now, from taking down the world's infrastructure and economy, according to Simon Crosby, CTO of Bromium, an Internet security firm, who worked with Microsoft on the technology.

Whodunnit? A lot of security analysts see the fingerprints of a state actor in Petya, specifically Russia, although we still don't know with certainty.

If it is Russia, will it stop? Despite President Donald Trump's planned creation of a new "cyber security unit" with Russian President Vladimir Putin, probably not any time soon. Russia continues to intrude in critical U.S. systems.

How the protection works: The Windows program, and similar Bromium software that Crosby claims is even more robust, quarantines users in a sort of protective bubble — an "isolation chamber," as he calls it — within their computing system. If there is a malware attack, the software safely wipes it away after the browser is closed.

But why isn't Microsoft distributing it now? I asked a Microsoft spokeswoman why the system will be released only later this year. She responded by saying WDAG is currently being tested with Microsoft clients.

A "wake-up call": Security firms are painting a stark picture in which Petya is only the beginning of a dark future of worsening cyber attacks on commercial and government actors. Whoever you are, it's essential that you keep your devices updated with the latest patches because if you're attacked now, there is a good chance you'll never recover your stuff and may lose your hardware, too.

Bottom line: "There's no time anymore for humans to respond with an alert. We have to respond at machine time scale," Crosby tells Axios.
