On Friday last week, a ransomware cyberattack dubbed WannaCry began infecting thousands of PCs around the world. At last tally, it had locked up an estimated 300,000 computers in 150 countries. It is the latest in a long line of ransomware exploits, which encrypt a user’s data and hold it hostage until you pay up — in this case, the hackers demand $300 worth of bitcoin. Here is what you should know about it, and what lessons you can learn before another cyberattack sweeps across the globe.
It’s Easy To Stop
Microsoft released a patch for the particular vulnerability in March, and even took the step this past weekend to issue a patch for older versions of Windows that it no longer supports, including XP, Windows Server 2013, and Windows 8. In other words, systems infected were not up to date. Organizations that struggle to stay current with the latest patches and OS updates need to find help. Consider engaging a managed service provider or look into Remote Desktop Services and other styles of IT infrastructure such as a thin client environment that are much easier to maintain.
Paying the Ransom Probably Won’t Work
As the IDG News Service reported, security researchers note that the ransomware does not automatically release your encrypted data. Instead, it’s an entirely manual process and the hackers have no way to prove who paid the ransom.
The good news is the hackers only have about $60,000 in their bitcoin wallet, which isn’t much considering 300,000 computers were infected. The economics are not working out well. If it’s not highly profitable, one can hope fewer cybercriminals will use this type of attack.
WannaCry Won’t Be The Last
Unfortunately, things like this will happen again, and it shouldn’t come as a surprise. Although these particular hackers might not make out like bandits, this attack may still inspire others. WannaCry spreads worm-like via corporate networks within organizations, and others may be motivated to make malware that does the same.
Also, this attack was a global event, causing the Washington Post to warn, “The era of cyber-disaster may finally be here”. While WannaCry appears to have first hit in Britain, it spread widely. (Watch a live tracker of the WannaCry botnet’s encryptions.)
Use 3 Layers of Protection
In February, we wrote about How to Protect Your Business from the Rise of Ransomware, and nothing has changed. Our approach uses three layers for IT Security:
- Cloud-based Secure Internet Gateway
- Email Security
- Device and Endpoint Security
Together, these layers actively monitor and protect against ever-shifting ransomware and malware threats.
Back It Up, Bub
You don’t have to pay for your data if you have a recent backup copy you can use to restore your system. A solid backup and disaster recovery plan, with sufficient Recovery Point Objectives, will minimize any disruption to your work.
Not If, But When
You either have a solid strategy in place to mitigate exposure to ransomware cyberattacks and recover quickly, or you’re dangerously exposed. There’s no third option or grey area anymore. This latest attack proved once again that ransomware is not targeted and it does not discriminate based on geography, size of company, or industry.
If you haven’t done so yet, WannaCry is your wake-up call to review what measures you have in place, audit the policies and procedures to ensure they work, and test your ability to restore data. And if you have questions about any of this, be sure to get in touch.