Protect Your Business from WannaCrypt/WannaCry Ransomware Attacks
As was widely reported on Friday 12th May, a ransomware virus which initially seemed to target NHS Trusts was released, creating panic and major disruption. As it turned out, NHS trusts were not the only victims; a large number of other businesses were also affected.
The virus targeted a known vulnerability in certain operating systems (primarily Windows XP and others with out-of-date security patches), with additional downtime caused by systems being shut down to prevent further infection.
Where successful, the virus would encrypt the device, requiring either a ‘ransom’ of between $300 and $600 to be paid in the cyber currency Bitcoin, or a potentially time-consuming restore from a system backup (if backups had been taken correctly and regularly).
IT security has always had an extreme focus, from protecting company assets and IP to preventing business disruption. The role of the CISO has never been more demanding, with multiple routes of entry emerging due to changes in working patterns such as BYOD, Cloud and IoT.
As noted in Symantec’s ISTR report for 2017, these types of breaches are on the increase, with Web showing a reduction, potentially due to some of the online web protections offered.
A recurring behaviour of cyber-crime is that criminals often seek the route of least resistance with the maximum returns. Interestingly, the Guardian reported that the latest ransomware had only yielded around $20,000, although this was fairly early in its impact.
Generally, ransomware attacks are driven by intelligence and data gathered through ‘phishing’ attacks. These often take a two- or three-stage approach, focusing on a subset of users who will trust certain sources and click on links, so the criminals know they have a captive audience through which to spread malicious code.
Ransomware reverses the normal breach, in which protected data is leaked out: instead, it infiltrates the protected data and makes it inaccessible to anyone who doesn’t have the crypto key to decrypt it.
With the rise of leaked information sites such as WikiLeaks and various governments experiencing leaks of information (e.g. the NSA in the USA), certain levels of data are made available to the public, either knowingly or not. The additional knowledge that certain elements of IT are no longer supported with security updates but are still widely used (e.g. Windows XP) means that they are targets.
Ransomware itself is easily accessible, with kits available online, so if you have the means to create the code, you can certainly distribute it easily enough.
As a leading security adviser said:
“You cannot guarantee security of your infrastructure, it is a moving target with changes, weaknesses and malicious code being released daily.
“When a burglar targets a house, he will be put off if an alarm and security lighting is in place versus a house that doesn’t. You make sure your house is just that bit more difficult or challenging than a neighbour’s.
“You can do this to your estate in a similar way by utilising prevention methodology which isn’t one system, but a holistic set of products that provide the solution required.”
Overall, and leaving the blame game to the politicians, you can take steps to protect yourself:
- Patch everything regularly; Microsoft have released their first patch for Windows XP in 3 years to counter this, but this is a one-off;
- If you can’t patch everything, consider all unsupported applications for upgrade, replacement or decommission;
- If you can’t replace, identify the area of the estate where these legacy systems reside and consider segregation;
- Consider training all staff on what to ‘trust’ when on the corporate domain, for both corporate devices and personal ones. The impact on work and home if malicious code can break through could be extremely damaging.
The bad news is that this isn’t going away: as the ISTR report showed, ransomware is getting more ubiquitous, and the business disruption demonstrated at the weekend was crippling. There are, however, low-effort, low-cost steps to minimize the risks.
The good news is that SCC has a set of security-based services to ensure you can prepare, plan and react to any security or cyber challenges that may be a risk to your business:
- Accredited and experienced advisory services across a number of security vendors such as Cisco and Fortinet as well as Symantec, Mimecast, McAfee and CheckPoint
- Multi-layered design approach considering security as a whole for our customers, taking into account newer technologies such as sandboxing
- Security solutions based on business need, considering both on-premise and cloud subscription services, to build Advanced Threat Protection and defence in depth into the security fabric