As 2020 closed, so did the era of Adobe’s Flash. Adobe will no longer support Flash and has advised its users to uninstall the software entirely. Some say good riddance, as Flash had many issues, including bugs and security vulnerabilities. Others are concerned about what will happen to the millions of websites that still rely on Flash. Whichever side you are on, it really doesn’t matter, as we are all in the same boat: Flash is no more.

The Golden Years

During Flash’s golden age, it had the responsibility of running a lot of the internet.  With the growth of Flash’s popularity, it also became a target for hackers. In terms of security risk, it quickly ranked among browser plugins like ActiveX and Java. In 2017, Adobe finally decided they couldn’t fix Flash so they announced Flash’s end of life (EOL).  

Here’s the official EOL announcement from Adobe back in 2020:   

Adobe will not issue Flash Player updates or security patches after the EOL Date. We recommend that all users uninstall Flash Player before the EOL date (see manual uninstall instructions for Windows and Mac users). Users will be prompted by Adobe to uninstall Flash Player on their machines later this year and Flash-based content will be blocked from running in Adobe Flash Player after the EOL Date.

Flash is Out, Why are you surprised?

It doesn’t come as too big of a surprise that Flash is now no more. Steve Jobs hated Flash so much he banned its use on some Apple devices. Jobs felt that Flash was cumbersome to use on a touch screen, unreliable, a security threat, and a drain on battery life. Furthermore, Flash didn’t update right away with smartphone technology. By the time it did get updated, the smartphone world had moved on to better technologies like HTML5. About 80% of Google Chrome users in 2014 visited a site with Flash. That number dropped to just 17% by 2017.

Doomed Websites

According to rough estimates, there will be millions of sites still running Flash.  However, Adobe has created some tools that help web developers migrate their Flash content to HTML5 or other web technologies.  Also, BlueMaxima’s Flashpoint offers a “web game preservation project” to help archive tens of thousands of Flash-based browser games.  This project disseminates its own, open-source and “secure” player software, allowing Flash cronies to access their games despite the shutdown.  

How to Uninstall Flash

Protect your system by uninstalling Flash. Adobe has posted uninstall instructions for both Windows and Mac users. Here’s how it works:

  • Download an uninstaller application for Flash Player.  Make sure to choose the Adobe uninstaller. (There is a different one for each operating system; and if you’re on Mac, pay attention to which OS version you’re using.)
  • Run the uninstaller. (On Windows, you’ll first need to close out all browsers and programs that use Flash. On iOS, you’ll do that as part of the process.)
  • Then, you can verify that the uninstallation was successful by restarting your computer and then checking the status of Flash Player on your computer from the Adobe website.
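For checking the result locally rather than through the Adobe website, the following added example (not Adobe's tool and not part of the original article) scans directories for files a Flash Player install leaves behind. The name patterns are the file names Flash Player installs are known to use and should be treated as assumptions to adjust; the directory tree in `demo()` is constructed sample data.

```python
import fnmatch
import os
import tempfile

# File-name patterns of Flash Player binaries (assumed naming; adjust as
# needed). Names are lower-cased before matching.
FLASH_PATTERNS = [
    "npswf*.dll",                # NPAPI plugin on Windows
    "flash*.ocx",                # ActiveX control on Windows
    "pepflashplayer*.dll",       # PPAPI plugin on Windows
    "flashutil*.exe",            # updater/uninstall helper on Windows
    "flash player.plugin",       # NPAPI bundle on macOS
    "pepperflashplayer.plugin",  # PPAPI bundle on macOS
]

def find_flash_leftovers(roots):
    """Walk each root and return sorted paths whose name matches a pattern."""
    hits = []
    for root in roots:  # a root that does not exist simply yields nothing
        for dirpath, dirnames, filenames in os.walk(root):
            # macOS plugins are bundles (directories), so check both kinds.
            for name in dirnames + filenames:
                lowered = name.lower()
                if any(fnmatch.fnmatchcase(lowered, p) for p in FLASH_PATTERNS):
                    hits.append(os.path.join(dirpath, name))
    return sorted(hits)

def demo():
    """Build a constructed directory tree and scan it (sample data only)."""
    with tempfile.TemporaryDirectory() as base:
        for rel in ("Macromed/Flash/NPSWF64_0_0_0_0.dll",
                    "Macromed/Flash/Flash64_0_0_0_0.ocx",
                    "Docs/flashcards.txt"):  # must not be reported
            path = os.path.join(base, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        os.makedirs(os.path.join(base, "Internet Plug-Ins", "Flash Player.plugin"))
        hits = find_flash_leftovers([base, os.path.join(base, "missing")])
        return [os.path.relpath(h, base).replace(os.sep, "/") for h in hits]

if __name__ == "__main__":
    for hit in demo():
        print("leftover:", hit)
```

On a real machine, pass the system and browser plugin directories you want checked to `find_flash_leftovers`; an empty result means none of the listed file names were found there.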

 

Xchanging, a subsidiary of DXC based in the UK,  was attacked with ransomware on July 4th, 2020.  Mark Hughes, senior vice president of offerings and strategic partners at DXC Technology, wrote an article in the Harvard Business Review titled “5 Lessons We Learned From Our Ransomware Attack”. Hughes explains that a message was received from the attacker with a cartoon character making an obscene hand gesture and the note:  “We have your data.  We’ve encrypted your files. If you want to negotiate, we can talk on a secure tool or chat session.”

You might think Hughes’s first move would be to strike up negotiations with the attacker. Instead, Hughes pinpointed the systems that were accessed and quickly isolated and neutralized the threat. On average, it takes 16 days to restore operations after a ransomware attack. On July 5th, just one day after the attack, Hughes’s team had already cleaned and restored the impacted environment, and by Monday, July 6th, Xchanging was processing insurance policies again.

Hughes’s experience can provide many valuable lessons on how to deal with ransomware but we will just review his top 5 from the article. 

Know Your Infrastructure

First, know your infrastructure.  You need to regularly apply basic software patching hygiene. Also, make sure all networks and firewalls have enterprise security tools in place as they will alert you to malicious activity. In Hughes’s ransomware attack, the hackers used “grayware” to exploit Microsoft Windows and launch malware. While the attack was not prevented, Hughes’s team was quickly alerted that something wasn’t right and they were able to identify where the network was compromised. 

Include Senior Management

Hughes’s second point is to include senior leadership from the start. The reason why you want to include senior management is that they can make critical decisions quickly. For example, in Hughes’s crisis, senior management made the decision to sever all connectivity with Xchanging systems. This involved action from IT teams in the UK and India, and as Hughes puts it “engaging leadership from those teams allowed the shutoff to happen quickly and efficiently.”

Contact Your Authorities

Step three is to engage authorities and experts early. Law enforcement and security experts have experience dealing with ransomware cases and can give ideas on how to manage the attack and get legal support. In Hughes’s case, he notified law enforcement in the United States that the ransomware was programmed to send Xchanging data to website domains in the U.S. By the end of the day, he had already received a court order to take control of the attacker’s internet domains.

Don’t Pay the Ransom

Step four is to gain as much leverage as you can and don’t pay the ransom. The experts agree: don’t pay the ransom. In the U.S. and UK, legal measures are being taken against paying ransoms in a cyberattack. Hughes suggests that if you do decide to negotiate a ransom with cybercriminals, bring an experienced ransom broker on board.

Be Transparent

And finally, be transparent. Sharing information can help keep others safe and mobilizes help from those you are in contact with, including colleagues, authorities, and the security community. Hughes notified the public with a news release on Sunday, July 5th, and again a few weeks later to inform the public that the ransomware was contained.

Ransomware attacks can be a messy business. There is much to be learned from Hughes’s experience on how to overcome ransomware. The writer concludes that Hughes is a hero because he not only saved his company but also passed on that saving information to us.