As you have probably heard by now, a powerful ransomware strain known as WannaCry devastated more than 200,000 computers in 150 countries last month. The outbreak, which started on May 12, infected government, healthcare, and private company computer systems, including the UK’s National Health Service and FedEx. Aside from the financial loss, this cyber attack created mass chaos and a logistical nightmare for all involved.
Although this specific cyber attack seems to be under control now, it is important to take a look back at what happened and review what we can learn to prevent a similar attack in the future.
What was it?
WannaCry behaved just like most modern ransomware: once it was inside the system, it encrypted all data, thereby preventing users from accessing their files. The program then displayed a ransom note demanding that victims pay $300 in untraceable Bitcoin currency to restore their data. To coerce users into paying quickly, WannaCry doubled the ransom amount after three days, and threatened to permanently delete all files after a week.
But unlike typical ransomware attacks, which are usually delivered through email attachments or malicious download links, WannaCry spread by exploiting a vulnerability in Microsoft’s Server Message Block (SMB) protocol, which is used to share files between computers on a network. This flaw, however, had already been discovered and patched by Microsoft on March 14, which means the organizations affected had likely not updated their devices.
Who was at risk?
Research from Kaspersky and BitSight suggests that machines running Windows 7 x64 Edition were hit the most, with XP and Windows 10 computers receiving practically no WannaCry infections. Regardless of these findings, you should assume any unpatched Windows computer was vulnerable to WannaCry.
Even if WannaCry wasn’t a targeted attack, industries like healthcare, non-profits, and financial services need to be extremely careful because significant data loss can result in huge legal and financial repercussions.
Never pay the ransom
While it may be tempting to fork over the ransom to restore your files, cybersecurity agencies and the FBI do not recommend giving in to the hacker’s demands. For one, there’s no guarantee that they can safely decrypt your files once you pay up. Another reason is they’re more likely to attack you again since you’ve shown that you’re willing to pay them.
Instead, ask your managed services provider if there are any free ransomware decryptor tools available. However, the best defense against any type of attack is a preventive one.
Update your operating system
As mentioned, companies affected by WannaCry were often found to have outdated software. To fix this, simply open your Windows search bar, go to Windows Update, click Check for Updates, and install any critical patches.
After you update, we suggest you disable the SMB1 protocol by going to Control Panel > Programs and Features > Turn Windows features on or off and unchecking the box that says SMB 1.0/CIFS File Sharing Support. This keeps future variations of WannaCry from exploiting any new SMB1 vulnerabilities in your network.
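The same SMB1 check can be scripted so it is repeatable across many machines. The following is an added example, not part of the original article: the function names and the -Disable switch are this script's own, and it assumes an elevated PowerShell prompt.

```powershell
# Added example: audit, and with -Disable turn off, SMB1 on the local machine.
# Run from an elevated PowerShell prompt. -Disable is this script's own switch.
param([switch]$Disable)

$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1State {
    $feature = 'Unknown'
    # Windows 8 / Server 2012 and later report the SMB server setting directly.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $server = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # Older systems such as Windows 7: the SMB1 server is on unless the
        # registry value SMB1 exists and is 0.
        $v = Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue
        $server = -not ($v -and ($v.SMB1 -eq 0))
    }
    # The optional feature is the item behind the Control Panel checkbox.
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        $f = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        if ($f) { $feature = "$($f.State)" }
    }
    New-Object PSObject -Property @{ ServerEnabled = $server; Feature = $feature }
}

function Disable-Smb1 {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path $regPath -Name SMB1 -Type DWord -Value 0
    }
    if ((Get-Smb1State).Feature -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}

$before = Get-Smb1State
"Before: SMB1 server enabled = $($before.ServerEnabled); feature = $($before.Feature)"
if ($Disable) {
    Disable-Smb1
    $after = Get-Smb1State
    "After:  SMB1 server enabled = $($after.ServerEnabled); feature = $($after.Feature)"
    'Restart the computer to finish removing SMB1.'
}
```

Run it without arguments to report the current state only. Before disabling SMB1 everywhere, confirm that no older printers, scanners, or storage devices on the network still depend on it.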
Install advanced security tools
Other than OS updates, it’s important to keep your security software up to date. Firewalls and antivirus programs now have updates that will allow them to detect and prevent WannaCry.
Also, don’t forget to install advanced threat detection tools and intrusion prevention systems. These security products typically use behavior-based detection to look for potentially malicious software that has yet to be discovered by security firms. And since new WannaCry strains are expected to appear in the near future, these tools will be essential to your company’s survival.
Employees are your first line of defense
Security tools and updates may protect your business from a majority of cyberattacks, but they are no substitute for security awareness. Your employees must be fully aware of the risks of ransomware and be critical of every link, email, and website. Encouraging good security habits today will save you a world of pain tomorrow.
Back up your data like your business depends on it (because it does)
Even if you take every possible precaution, new types of ransomware could still catch you off guard. Maintaining secure backups allows you to recover files should the worst happen. With cloud backup solutions, you’ll be able to store files in remote data centers and access them from any device that can connect to the internet. This means that if a computer is infected with WannaCry, you can simply open your documents on a clean device.
One missed update, one misclick, or one accidental file download can cause significant damage to your entire business. However, with help from the team at WhiteOwl, you can ensure your business can outlive ransomware and other cyber attacks.