There’s been a lot about ransomware in the news this last week, but before we dive into the latest “WannaCry” attack let’s recap what ransomware is.
Ransomware is malicious software distributed through email attacks (also known as phishing), through compromised websites, or by exploiting some other security vulnerability to gain access to your system. The malware, once downloaded, encrypts your data and presents some sort of message telling you that you’ve been locked out of your files. Encryption is typically used to secure data by encoding it so that it’s only readable using a secret code—a “private key” is the typical terminology used in cryptography—and the encrypted data is undecipherable without that private key. In this case, hackers have this key and will only return access to your data if you pay them.
WannaCry is just the latest widespread ransomware incident. It was discovered last Friday (May 12) after it began to affect computers around the world. This new outbreak was first reported in the UK, where it infected systems of the UK’s National Health Service, causing chaos and impacting patient care. It quickly spread all over the globe, hitting Europe the hardest. Along the way, it infected banks, telecommunication providers, and many high-profile organizations, including FedEx in the United States.
WannaCry is more dangerous and has spread faster than your average piece of ransomware because it uses a vulnerability in the Windows operating system that was first disclosed as part of the Shadow Brokers leak of documents and tools from the US National Security Agency. This particular exploit involves what is known as a “remote code execution” vulnerability, meaning that the virus can take over other computers over the network, remotely, without needing to trick someone into opening an email attachment or clicking a link. It can infect vulnerable systems en masse and without any human intervention at all.
Once it infects a device, WannaCry begins to encrypt all files on that device while attempting to access network resources—both encrypting data on file servers that it can reach and attempting to spread itself via the aforementioned “remote code execution” vulnerability.
How can you protect yourself?
Back in March, Microsoft released a patch for the vulnerability that WannaCry exploits, covering Windows operating systems that were still under their “extended support”: basically, Windows 7 and everything newer.
On May 14th, Microsoft took the extraordinary step of releasing patches for XP and Vista-era computers as well even though those products are older and past their long-publicized end-of-support dates. In light of this, WannaCry has re-ignited the debate over the ultimate responsibility for securing out-of-date computer systems like those still running Windows XP in this day and age. If you are still running Windows XP or Windows Server 2003, consult with your IT department as some special intervention may be required to ensure you are protected.
In short, though, if you are running a recent version of Windows and have Windows Update enabled, then your computer should already be protected against WannaCry. Make sure that you are paying attention to those Windows Update notices and letting Windows update and reboot promptly! If Windows Update is not enabled, you should make sure to install the patch as soon as possible.
Protecting yourself and your company against WannaCry is important, but so is protecting against any ransomware attack. It’s next to impossible to be completely safe on the internet, but it’s important to do everything you can. The following are our suggestions to keep you safe.
Update Your Operating Systems
As evidenced by WannaCry, a lot of hackers will attempt to use vulnerabilities in old software, especially software that has passed its extended support period, like Windows XP. If you’re still running Windows XP or Windows Server 2003, it’s way past time to upgrade. Continuing to run these operating systems is unsafe and puts your business at extreme risk.
Back Up Your Data
We’ve mentioned it time and time again but backing up your data, keeping those backups secure and separate from your servers, and monitoring to make sure those backups are successful is one of the most important things your business can do. Check out our post dedicated to it for more information.
Use Anti-Virus Software
On our internal and client devices we use Bitdefender, and while that may not be your choice, it’s important to use an antivirus product. When choosing one, make sure it’s reputable and widely known. Antivirus can help keep malicious files from downloading, block installs from websites, and scan for anything that may already be on the device.
While antivirus products don’t always catch new and novel things like WannaCry right away, they do catch the vast majority of threats and can often be updated quickly to mitigate new threats once they are discovered.
As a company hyper-focused on security we know that doing all of these things, and maintaining them, can be difficult but they are extremely important. If you have questions, or want to see how handing these tasks over to experts could help you and your company, give us a call or send us an email!