May. 17, 2017
CIOs have had one word on the tip of their tongues this past week – “ransomware.” The WannaCry ransomware attack has companies of all sizes, in all industries, on edge since locking down more than 300,000 systems in at least 150 countries. Following the first Bitcoin ransom, many in the C-suite are wondering, “who’s next?”
For some, the ransom is a small price to pay to regain access to invaluable files, data, and intellectual property, especially in hard-hit financial and healthcare organizations. But what put them at risk in the first place? What exactly is ransomware, and how can your organization avoid it? And if you emerged unscathed from WannaCry, will it be smooth sailing from here on out?
The answers to these questions – in particular the measures that can help keep security breaches at bay – might surprise you. For an in-depth analysis of the current WannaCry threat landscape, visit the Talos blog from Cisco Security’s threat intelligence team.
What is Ransomware?
Ransomware is a type of malware that compromises hosts and encrypts files. It is a denial-of-access attack that renders your computer – or, in some cases, several machines across an entire network – unusable by locking it down until you pay a ransom. Ransom amounts can vary, depending on the attacker, and more often than not are demanded in Bitcoin, an anonymous internet payment method. Once the ransom is paid, you (usually, but not always) receive the code needed to access and decrypt the system and/or files.
What is WannaCry?
The prolific WannaCry ransomware attack takes advantage of a security vulnerability in Microsoft systems, specifically Windows XP, Windows 7, and Windows Server 2008. With older operating systems comes the task of keeping up with security and software patches, which can often be a time-consuming, expensive undertaking.
What makes WannaCry so dangerous is that it uses worm-like functionality to quickly replicate and spread throughout infected systems. It can scan heavily over the Server Message Block (SMB) network protocol, which is used to share files between computers, enabling the malware to replicate rapidly. Similar capabilities were present in the SamSam ransomware from 2016.
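One way a defender could spot the worm-like SMB scanning described above, as an added example that is not from the original article: it flags internal hosts that contact an unusually large number of distinct peers on TCP port 445 within a short window. The flow-log format, the sample records, and the 60-second, 20-host threshold are constructed assumptions to tune for your own network.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = 445  # TCP port used by SMB file sharing

# Constructed sample flow records: "ISO-timestamp src_ip dst_ip dst_port"
SAMPLE_FLOWS = "\n".join(
    # 10.0.0.23 touches 30 distinct hosts on 445 within 30 seconds (scan-like)
    [f"2017-05-12T09:00:{i:02d} 10.0.0.23 10.0.1.{i + 1} 445" for i in range(30)]
    # 10.0.0.5 talks to one file server repeatedly (normal file sharing)
    + [f"2017-05-12T09:00:{i:02d} 10.0.0.5 10.0.2.10 445" for i in range(0, 30, 3)]
    # 10.0.0.7 browses the web; not SMB, so it is ignored
    + [f"2017-05-12T09:00:{i:02d} 10.0.0.7 203.0.113.{i + 1} 443" for i in range(30)]
    + ["malformed line"]
)

def parse_flows(text):
    """Yield (time, src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def find_smb_scanners(flows, window=timedelta(seconds=60), threshold=20):
    """Return {src: peak distinct SMB peers in any window} for sources at or over threshold."""
    recent = defaultdict(deque)  # src -> (time, dst) pairs still inside the window
    peaks = {}
    for ts, src, dst, port in sorted(flows):
        if port != SMB_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            peaks[src] = max(peaks.get(src, 0), distinct)
    return peaks

if __name__ == "__main__":
    print(find_smb_scanners(parse_flows(SAMPLE_FLOWS)))
```

A host that appears in the result is a candidate for isolation and patch verification, not proof of infection: vulnerability scanners and backup servers can produce the same pattern.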
An astute researcher in the U.K. discovered a way to temporarily block WannaCry, but security updates are still critical for all Windows systems. Microsoft released a security patch back in March to address the security vulnerability and has already released an update that covers Windows XP. However, as with all viruses, mutated versions are likely on the verge of being released.
How Can I Prevent a Ransomware Attack?
If you have not already paid attention to ransomware defenses, now is the time to exercise diligence. A second wave of WannaCry is likely on its way, if it hasn’t already arrived, and other types of ransomware will continue to wreak havoc.
So, how can you limit the risk of being held hostage by this or the next big threat on the horizon? There are several relatively straightforward steps to take to lessen your chances of falling victim to WannaCry and other malware.
Be sure your software and security solutions are up-to-date, particularly if you run Microsoft Windows. Failing to install updates and patches leaves your systems vulnerable; all organizations should follow this advice, not just those at risk for WannaCry.
As Homeland Security Advisor Tom Bossert said this week, “The worm is in the wild, so to speak, at this point, and patching is the most important message.” Follow patching best practices to keep machines fully up-to-date. Microsoft Security Bulletin MS17-010 has specifics for WannaCry, in particular. If the vulnerabilities aren’t patched, your organization will continue to be at risk for infection by this ransomware.
Software patches are only a first defense, however. Ensure your network is adequately defended from threats by implementing additional cybersecurity best practices, including:
- Back up your data regularly. Data backups can’t be held for ransom! Some previous victims of ransomware used backups to restore data and sidestep paying the attackers.
- Define and implement a multi-layered, defense-in-depth security approach that protects the many vectors ransomware looks to exploit. This helps limit the installation, spread, and execution of malware like WannaCry.
- Educate your employees about security best practices. Don’t underestimate the role of human error when malware strikes. Many cybersecurity breaches start with a careless, seemingly benign error made by a team member – like clicking on a link or attachment in a phishing email.
- Integrate state-of-the-art cybersecurity services and solutions into your security protocols. For example, using cloud-based solutions, you can block connections from malware to internet-based command-and-control servers that can effectively trigger a “kill switch” and render a virus ineffective.
- Consider upgrading your systems, in particular your networks. Yes, this is a large – and often costly – undertaking, but it provides a more stable, more agile, more secure foundation for all of your organization’s digital endeavors.
The cybersecurity threat landscape is expanding daily, stretching already taxed CIOs and IT departments to their limits. The rapid onset of WannaCry and similar malware stresses the importance of a simple, open, and automated security approach. When you combine that approach with industry best practices that address the complexity of the modern threat landscape, you can turn cybersecurity into a growth advantage – and thwart threats old and new.
Take a deeper dive into the aftereffects of WannaCry. Help your organization prepare for the next wave of cyber attacks.