Why this Attack is Different
Stories of a new ransomware attack flooded the news on Friday, and by Sunday more than 200,000 individuals and 10,000 organizations in 150 countries worldwide had been hit. The size of the attack makes this exploit stand out from the others, but it also sheds light on how fast any new exploit can propagate. This is the world we now live in. Gone are the days of popup ads and browser data theft, and along comes exploits that make you pay to get access to your own data.
This attack will not be the last of its kind. In fact, the WannaCry Ransomware is based on an NSA tool that was recently leaked to the public. It’s only one of several tools developed by the NSA and now out in the wild.
The largest organizations, like the U.K.’s National Health System, got the most news coverage, but smaller organizations are just as likely to be targeted. Even if you are a one-person shop, you should take precautions to keep from falling victim to this and future attacks.
How Can You Stop It
Education. Learn how to spot fraudulent emails. This and other ransomware spread through your network because of vulnerabilities in the operating system. However, it first infiltrates your network because someone clicked on a link that they shouldn’t have.
It’s been said a million times before, but people get in a hurry and don’t always pay attention. Don’t download files from people you don’t know, or that you aren’t expecting. You have to get your staff into a security mindset, where they believe every email could be “the one”.
Patch your software. Run Windows Update or the update for whatever operating system you computer is running. Check often for updates from third-party applications like Adobe Acrobat and Flash Player. If you are running an organization with several systems, invest in a monitoring system that allows you to track patch levels for all of your systems (or hire a 3rd party to handle it for you).
Once a single system on your network is infected, it will search every system to look for an exploit, so it can infect everything else on the network.
Don’t forget to patch servers, printers, scanners and other devices on your network. They all have underlying operating systems that can be exploited, too.
Use Multi-layered Security. Don’t depend on patching, alone, to keep an infection at bay. You should start with filtering incoming emails, to stop the email from reaching your employees to begin with. Then, you should have a firewall in place that scans incoming files for viruses. Run antivirus and anti-malware software (yes, probably both), on your device. For more sophisticated networks, you can enable port firewalls on your switches – shutting down ports once an infection is found. The more layers, the better your chances of avoiding a network-wide infection.
Backup your data. Your data cannot be held ransom if you have another copy of it. This could be as simple as saving your files to a thumbdrive, to backing up your entire infrastructure with versioning. Don’t forget to patch those backup servers, so they won’t end up infected, too!
Why our clients don’t have to worry
If your company is a client of SomethingCool.com’s KRIS Managed Services, you are safe. We automatically apply operating system and 3rd party patching, updates to antivirus and antimalware software – and monitor it all for any issues. We provide a layered system of defense with perimeter firewall and antivirus software. In cases like this, we implement 3rd party tools to do additional scans of our clients’ networks, to ensure all of the patching is happening like it should. Our clients’ data is backed up, with several historical versions, to be able to go back before any infection occurred.
Possibly most importantly, all of SomethingCool.com’s KRIS clients have access to free employee training. We provide annual video training, with a certification for each employee – along with weekly mini trainings, to keep employees aware of the latest threats, and how to avoid them.
No matter what the size of your organization, employee education is the most fundamental step in avoiding an infection.
Additional information from our partners:
SANS Digital Forensics and Incident Response Blog: https://digital-forensics.sans.org/blog/2017/05/13/wannacry-ransomware-threat-what-we-know-so-far-webcast-slides#
Microsoft Customer Guidance on WannaCry Ransomware Attacks:
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
Kaspersky: https://blog.kaspersky.com/wannacry-ransomware/16518/
