What Does Ransomware Mean for the CIO?
Better Prepare Your Organization for a Ransomware Attack
CIO and Executive Line of Business Subject Matter Expert
CIOs have had one word on the tip of their tongues this past week – “ransomware.” The WannaCry ransomware attack has had companies of all sizes, in all industries, on edge since it locked down more than 300,000 systems in at least 150 countries. Following the first Bitcoin ransom, many in the C-suite are wondering, “who’s next?”
For some, the ransom is a small price to pay to regain access to invaluable files, data, and intellectual property, especially in hard-hit financial and healthcare organizations. But what put them at risk in the first place? What exactly is ransomware, and how can your organization avoid it? And if you emerged unscathed from WannaCry, will it be smooth sailing from here on out?
The answers to these questions – in particular the measures that can help keep security breaches at bay – might surprise you. For an in-depth analysis of the current WannaCry threat landscape, visit the Talos blog from Cisco Security’s threat intelligence team.
What is Ransomware?
Ransomware is a type of malware that compromises hosts and encrypts files. It is a denial-of-access attack that renders your computer – or, in some cases, several machines across an entire network – unusable by locking it down until you pay a ransom. Ransom amounts vary depending on the attacker and, more often than not, are demanded in Bitcoin, an anonymous internet payment method. Once the ransom is paid, you (usually, but not always) receive the code needed to access and decrypt the system and/or files.
What is WannaCry?
The prolific WannaCry ransomware attack takes advantage of a security vulnerability in Microsoft systems, specifically Windows XP, Windows 7, and Windows Server 2008. With older operating systems comes the task of keeping up with security and software patches, which can often be a time-consuming, expensive undertaking.
What makes WannaCry so dangerous is that it uses worm-like functionality to quickly replicate and spread throughout infected systems. It scans heavily over the Server Message Block (SMB) network protocol, which is used to share files between computers, enabling the malware to replicate rapidly. Similar capabilities were present in the SamSam ransomware from 2016.
An astute researcher in the U.K. discovered a way to temporarily block WannaCry, but security updates are still critical for all Windows systems. Microsoft released a security patch back in March to address the security vulnerability and has already released an update that covers Windows XP. However, as with all viruses, mutated versions are likely on the verge of being released.
How Can I Prevent a Ransomware Attack?
If you have not already paid attention to ransomware defenses, now is the time to exercise diligence. A second wave of WannaCry is likely on its way, if it hasn’t already arrived, and other types of ransomware will continue to wreak havoc.
So, how can you limit the risk of being held hostage by this or the next big threat on the horizon? There are several relatively straightforward steps to take to lessen your chances of falling victim to WannaCry and other malware.
Be sure your software and security solutions are up-to-date, particularly if you run Microsoft Windows. Failing to install updates and patches leaves your systems vulnerable; all organizations should follow this advice, not just those at risk for WannaCry.
As Homeland Security Advisor Tom Bossert said this week, “The worm is in the wild, so to speak, at this point, and patching is the most important message.” Follow patching best practices to keep machines fully up-to-date. Microsoft Security Bulletin MS17-010 has specifics for WannaCry, in particular. If the vulnerabilities aren’t patched, your organization will continue to be at risk for infection by this ransomware.
Software patches are only a first defense, however. Ensure your network is adequately defended from threats by implementing additional cybersecurity best practices, including:
The cybersecurity threat landscape is expanding daily, stretching already taxed CIOs and IT departments to their limits. The rapid onset of WannaCry and similar malware stresses the importance of a simple, open, and automated security approach. Combined with industry best practices that address the complexity of the modern threat landscape, that approach can turn cybersecurity into a growth advantage – and thwart threats old and new.