Unfortunately, malicious software is an everyday occurrence. As of Friday, May 12th, a massive ransomware attack dubbed WannaCry had infected over 230,000 Windows computers in over 150 countries. Its spread was fast and furious. WannaCry held the victim's computer and data for ransom by encrypting it. Among those affected were corporations in nearly every sector, governments across the globe and individual end users. It is important to note that one should NEVER pay the ransom but rather take preventative steps to ensure you can recover from such an attack. Despite its destructive capacity, WannaCry has much to yield in lessons learned for everyone from small businesses to large enterprises. But before we explore those lessons, let's understand WannaCry a bit more.
WannaCry is Microsoft Windows ransomware: software that locks your files by encrypting them and demands you pay a ransom in order to get them back. What made this ransomware more pernicious is that it was network enabled, with the functionality of a network worm. This allowed it to propagate from machine to machine rapidly on a local network and across the Internet. Doubtless this, among a few other factors, made it successful at spreading its malicious payload far and wide. Sadly, WannaCry didn't have to have as big an impact as it did. Organizations that embrace the 5 steps we detail in the remainder of this article will be a less likely target for malware. More importantly, they will be able to recover if and when an infection does happen.
Patch Always & Often
WannaCry took advantage of a Microsoft vulnerability which had been patched months earlier. Unfortunately, there are still many businesses which don't have an organized patch management solution in place. Had they patched this known vulnerability (MS17-010, to be exact), WannaCry wouldn't have been a problem for them. Other organizations may have a patch management solution in place but are very conservative about deploying patches because they want to test them first. Either way, organizations need a patch management solution (and process) in place, and patching needs to be accomplished in a timely fashion. More pernicious malware is certainly forthcoming, so organizations need to be swifter to patch known vulnerabilities.
Backup & Verify
It should go without saying that your organization should have backups in multiple forms. These backups should be both local and remote, in the form of tape, disk or online/cloud backup. In all cases they should be encrypted and secured so they don't fall into the wrong hands. The backup process should be automated and monitored to ensure it is working. Additionally, your organization should test these backups as part of your disaster recovery exercises.
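Here is one way to put the "verify" half of this advice into practice, as an added example that is not from the original post: a POSIX shell script that archives a directory with a checksum manifest, then proves the backup is restorable by extracting it to a scratch location and comparing every file. It assumes GNU tar, find, sha256sum and mktemp are available; encrypting the archive at rest (for example with gpg) is left to your backup tooling and not shown.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes POSIX sh with GNU tar,
# find, sha256sum and mktemp; encrypting the archive at rest (e.g. with gpg)
# is left to the site's backup tooling and not shown here.
set -eu

# backup_dir SRC DEST [STAMP]: archive SRC into DEST/backup-STAMP.tar and
# record a sha256 manifest of every file. Prints the stamp used.
backup_dir() {
    src="$1"; dest="$2"; stamp="${3:-$(date +%Y%m%d-%H%M%S)}"
    mkdir -p "$dest"
    tar -C "$src" -cf "$dest/backup-$stamp.tar" .
    # Manifest paths are relative ("./x"), so they resolve after a test restore.
    (cd "$src" && find . -type f -exec sha256sum {} + | LC_ALL=C sort) \
        > "$dest/backup-$stamp.sha256"
    echo "$stamp"
}

# verify_backup DEST STAMP: the "verify" step. Restores the archive into a
# scratch directory and checks every file against the manifest.
# Returns 0 if the restore is byte-identical, 1 if the archive is unreadable,
# 2 if the restored content no longer matches the manifest.
verify_backup() {
    dest="$1"; stamp="$2"
    archive="$dest/backup-$stamp.tar"
    manifest="$(cd "$dest" && pwd)/backup-$stamp.sha256"   # absolute path
    scratch=$(mktemp -d)
    rc=0
    if ! tar -C "$scratch" -xf "$archive" 2>/dev/null; then
        rc=1
    elif ! (cd "$scratch" && sha256sum -c --status "$manifest"); then
        rc=2
    fi
    rm -rf "$scratch"
    return "$rc"
}
```

Run verify_backup from the same scheduled job that produces the backup and alert on a non-zero exit; that is the monitoring this section calls for.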
End User Security Training
Security awareness training is crucial as your users are often the weakest link in your information security efforts. Even with the best technological solutions in place an end user can be manipulated into clicking on a link and installing ransomware. Time and effort should be invested in end user security awareness training on an annual basis at the very least. Having your employees aware of and sensitive to these (and other) information security issues is worth every penny.
Use Best Practices
Nearly all industries acknowledge “Best Practice” techniques, methods or processes. These are tried and true methodologies that are known pathways to success. Best practices in IT today are an amalgamation of known frameworks from the industry associations, certification bodies and government organizations that espouse these successful methodologies. For example, in a previous post we already outlined some best practices on defending against ransomware used within Evolutionary IT.
Holistic Defense in Depth Thinking
Many in the technology world tend to think of firewalls and anti-malware as a magical panacea. The fact is, they aren't. Reducing our risks requires a new kind of thinking: smart investment in a layered approach to information security. That is to say, next-gen anti-malware and firewalls are a good starting point, not a panacea. For example, in addition to what I've explored here, we should be doing the following (this is by no means an exhaustive list):
- Disaster Recovery/Business Continuity Planning
- Don’t Run EOL (End of Life) Hardware or Software
- Incident Response Planning
- Best of Breed Anti-malware
- Least Privilege
- Deploy Soft/Hardware Firewalls
- Deploy IPS/SIEM
- Embrace Secure Coding Practices
- Regular Security Assessments & Penetration Testing
Also, we should remember that technology isn’t the only part of this puzzle. To improve our security posture we should think expansively about investing in people, process & technology.
What’s to Come
WannaCry is by no means the end of the road for ransomware but rather a sad reminder of a challenging future. A new ransomware variant will quickly take its place, one more destructive than its predecessor. So let's all take the right steps forward so we can look back having learned the lessons of WannaCry.