When a cyber-attack hits about 200,000 Windows PC’s across 99 different countries, it tends to command our collective attention. (Enter WannaCry, the global attack that began on May 12.) However, the WannaCry ransomware attack is not the first of its kind, nor will it be the last. And that means that it’s important to understand not just this particular outbreak, but also how these types of attacks work, and what you can do to protect your business against all of these threats.
First things first though! Let’s start with an overview of the current ransomware crisis and how it got to this point.
What is WannaCry?
WannaCry is a malware strain that affects machines running unpatched versions of the Windows operating system. The virus exploits an SMB security flaw that was discovered (and patched) earlier this year.
WannaCry is designed as ransomware, which is a virus specifically created to lock up the files on the affected computer, denying the user access until a ransom is paid to the hackers. (Even then, there is no guarantee that paying the demanded fee will result in files being restored.)
Most commonly, ransomware gets installed on a user's system as a result of a phishing email. The email will include a malicious link or attachment that - when clicked on or downloaded - allows the ransomware to infect that machine and possibly spread beyond it to other accessible drives on the network.
During a ransomware attack, your files will either be encrypted or you will be locked out of your system. The end result though is the same – your files are inaccessible.
In this case, the hackers behind WannaCry are demanding $300 (payable in Bitcoin) to release the files back to the victim. The amount is set to increase the longer the ransom goes unpaid. After 7 days, all files will be deleted permanently.
What makes WannaCry especially dangerous is that once it takes hold of one computer (after initially compelling a user into clicking a link or attachment) it has the ability to self-spread, without relying on additional link clicks or file downloads.
That’s because it is leveraging a Windows SMB exploit named EternalBlue that allows a remote hacker to hijack computers running on unpatched MS Windows operating systems.
So once one computer on the network is infected, this bug then goes about scanning for other unpatched PC’s on that same network, in addition to seeking out random hosts via the Internet.
This feature has contributed to how quickly this ransomware outbreak spread after it first hit.
The Impact of WannaCry
Among the worst hit by WannaCry was Britain’s National Health Service, which was said to be running 15-year-old software on the majority of its computers. The attack against them affected 36 hospitals, causing surgeries, appointments and other procedures to be canceled. Patient records were unavailable and their phones were also down.
Other companies reportedly affected include FedEx, Nissan Motor, the Russian Interior Ministry, China National Petroleum, Deutsche Bahn and Hitachi, among others.
Cyber Security expert Matthieu Suiche even posted an Infection Map to Twitter, calling it a “bloodbath”.
Fortunately the spread was slowed over this past weekend by an “accidental hero” who discovered – and inadvertently activated - a kill switch inside the virus’ code.
Is the WannaCry Crisis Over?
Common wisdom is that the attack that began on May 12 is just the beginning.
Even that accidental hero who stopped the spread of WannaCry has cautioned that it's not over. He has warned users to patch their systems immediately, predicting that the hackers will just change the code and restart the spread.
Security researchers have already detected new versions of this ransomware, now known as WannaCry 2.0. It’s believed that 2.0 wasn’t even created by the same hacker but rather a completely different person or group. And there is widespread speculation that organized cybercrime enterprises are going to tap into this momentum and spread their own malicious versions.
How Can You Protect Yourself from WannaCry?
The best news coming out of this outbreak is that you can prevent becoming a victim of WannaCry with a simple security update.
Recall that we said above this ransomware is exploiting a security flaw in the Windows operating system. We also noted that it was patched, meaning that Microsoft discovered the flaw and issued an update to protect the operating system against it.
If your system is current on your Microsoft security updates, then you are not at risk from the known strain of WannaCry. (And if you are a Corsica Tech managed IT services customer, you are good to go!)
If it’s not, then you’ll need to ensure that you have received all of the Microsoft updates.
Even those who are still relying on some unsupported versions of the Windows OS can protect themselves, since Microsoft took the highly unusual step of releasing a patch for these older versions of the OS, including Windows XP, Vista, Windows 8, and Windows Servers 2003 and 2008.
You can learn more about that here.
Generally speaking, you can protect yourself against WannaCry by keeping your operating system up-to-date and not relying on outdated technology, which is much more vulnerable to these types of attacks.
Protecting Against All Ransomware (Not Just WannaCry)
The bigger question here is how can you protect your systems against ALL strains of ransomware, and not just this one?
While there is no one foolproof method of prevention given the increasing sophistication of these types of cyber-attacks, there are security best practices that can help protect against most threats.
These patches (like Microsoft’s March patch) get pushed for a reason. They are either patching a known security vulnerability or improving the functionality…or both. In this case, Microsoft release a Security Bulletin on March 14 that classified it as Critical.
Those NEED to be deployed to your systems. Because if the software company knows it exists, more than likely the hackers do too…or will in due time. And they will exploit them, as we have seen with WannaCry.
If you don’t have someone managing that for you, then it’s past time to partner with an IT service provider. Even if you weren’t affected by WannaCry (yet), it should at least be a wake-up call that you need better IT support, if you are still operating without basic monitoring and patching services in place.
(NOTE: Patch management is a standard component of our managed IT service solution. It’s why not one Corsica Tech customer was affected by this outbreak. Our SOP includes pushing all security, critical and 3rd party updates to user systems daily, and to user systems - with a forced reboot - and servers weekly.)
Run Anti-Virus/Anti-Spam Programs
These won’t block every malicious email, but they will filter out the known signatures, lowering the chances of someone in your business clicking on a bad link.
It’s not enough though to just have it…it also has to be kept up-to-date in real time. At this point, the reputable anti-virus vendors have already added WannaCry detection capabilities.
Have a Firewall
Having a firewall is a critical part of a layered network security approach. It must also be kept up-to-date and managed according to today’s best practices in order to be effective against intrusions.
Know the Red Flags of a Phishing Attack
The vast majority of these malware programs get through the door via phishing emails. They have gotten incredibly good at targeting your end-users using spoofed emails and social engineering tactics that entice the user to click that link.
Think Before You Click
This goes beyond just knowing the red flags – it’s about training your end-users to be cautious or even suspicious. Because it’s not possible to know the specific details of every single threat out there, it’s better to train on general awareness.
If every email is approached with a healthy dose of skepticism and an awareness as to the risks associated with accidental clicks on phishing emails, it can head off many of those unintended bad clicks and "OOPS" moments.
Stop Relying on Outdated Technology
Limping along your hardware for another year may seem like the budget-conscious thing to do, but it could ultimately cost you. WannaCry specifically targeted outdated technology. So if you want to strengthen your defenses against today’s cyber-threats, make sure you aren’t doing so with 10 or 15-year-old technology.
And to add to that thought...stop trying to do it all on your own too. Because if you're running outdated technology it more than likely means that you haven't engaged a trusted IT partner to help you navigate today's technology needs.
Have Reliable Data Backups
While there is no absolute guarantee against getting hit with a virus that can cripple your systems, there is a way to guarantee that you can get back up in running smoothly in the event of a crisis. Data Backups.
This doesn’t mean just having backup tapes either. It means having both on-site and off-site data storage, so that a network-level cyber-attack can’t also get to your backup data and encrypt or corrupt it. It means having a plan to restore your data, after an attack occurs.
Mostly it means that you have planned for WHEN an attack occurs, and are ready with a remediation plan that has been thoroughly tested and will get your team back to business as quickly as possible.
In a nutshell, if you keep your systems up-to-date with security patches, educate and train your end-users on today’s cyber-risks, and adopt a layered approach to network security, then it is feasible to avoid becoming a victim of a cyber-attack like WannaCry.
But as a last stand against cybercrime, have reliable backups so that in the even that an attack is successful, you won’t be faced with a ransom payment, and costly downtime.
Want more great technology updates, news and other industry information delivered directly to your inbox? Subscribe to the blog and each week you'll get new useful tech news you can use.
Need Reliable IT Services?
Stop settling and get the IT service your business deserves by partnering with Corsica Tech for your IT needs.
Relying on our specialized expertise allows you to focus on running andgrowing your business, secure in the knowledge that our trusted team is managing and maintaining the critical business systems that protect the heart of it all.
Our expert IT solutions are both affordable and innovative, allowing businesses of any size to enjoy world-class IT management and network security services as well as access to modern, flexible technology tools and resources. With a focus on quality, reliability and exceptional customer service, we can help you make technology your competitive advantage.