Ransomware

How to Protect Against Ransomware

Right on the heels of President Trump's executive order to improve the state of cyber security in the US, the entire world is being hammered by one of the largest ransomware attacks in history.  The new ransomware, WannaCry, has run rampant across the globe, infecting more than 200,000 computers in 150 countries.  Here is some background on this threat, who is vulnerable, and how to protect your business.

Ironically, WannaCry was identified by the NSA months ago, and they kept the code on file to be used as a potential surveillance tool.  The NSA was hacked by an organization known as Shadow Brokers, who in April released a cache of stolen NSA documents on the internet, including details about the WannaCry vulnerability.

The recent attack has seen the virus spread rapidly.  The virus spreads across computer networks using the standard file-sharing technology used by Windows PCs, called Microsoft Windows Server Message Block, or SMB.  This is the most typical path for infecting a network, but researchers have already identified variants of the virus that may have other methods of propagation.

The virus exploits a vulnerability in older Windows operating systems such as Windows XP and Windows Server 2003.  If you’re using a more recent version of Windows and you’ve stayed up to date on your patches, you should NOT be vulnerable.  However, if you haven’t stayed up to date on patches, your systems remain vulnerable until they are patched.

The advice is to update Windows immediately.  If you’ve been keeping up to date, you likely received a patch to protect your system months ago.  Take the time to check and make sure that you’ve applied all available security patches from Microsoft.  Another recommendation is to block TCP port 445.
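The two checks above (patch recency and TCP port 445) can be scripted on a single Windows machine. The PowerShell below is an added example, not part of the original article; the 45-day threshold and the rule name are assumptions chosen for illustration, and it needs an elevated session on Windows 8 / Server 2012 or later.

```powershell
# Added example: audit patch recency and inbound SMB (TCP 445) exposure locally.
$MaxPatchAgeDays = 45                            # assumption: tolerated age of newest update
$RuleName        = 'Block inbound SMB (TCP 445)' # hypothetical rule name for this example

# 1. When was the most recent update installed? (Get-HotFix may omit some update types.)
$latest = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1

if (-not $latest) {
    Write-Warning 'No installed updates reported; verify patch status manually.'
} elseif ($latest.InstalledOn -lt (Get-Date).AddDays(-$MaxPatchAgeDays)) {
    Write-Warning ("Newest update {0} was installed {1:yyyy-MM-dd}; run Windows Update." -f `
        $latest.HotFixID, $latest.InstalledOn)
} else {
    Write-Output ("Newest update {0} installed {1:yyyy-MM-dd}." -f `
        $latest.HotFixID, $latest.InstalledOn)
}

# 2. Is this machine accepting SMB connections on TCP 445?
$listening = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
if (-not $listening) { Write-Output 'Nothing is listening on TCP 445.' }

# 3. Is there already an enabled inbound block rule covering TCP 445?
$blockRule = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True `
        -ErrorAction SilentlyContinue |
    Where-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        $filter.Protocol -eq 'TCP' -and $filter.LocalPort -contains '445'
    }

if ($blockRule) {
    Write-Output 'Inbound TCP 445 is already blocked by Windows Firewall.'
} elseif ($listening) {
    # This stops file sharing TO this machine; skip it on servers that must serve SMB
    # and block 445 at the network perimeter instead.
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort 445 -Action Block | Out-Null
    Write-Output "Created firewall rule '$RuleName'."
}
```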

If infected, you will have your data encrypted so that it becomes completely inaccessible.  You’ll then receive a prompt asking you to pay a ransom to gain access to your data again.  If the ransom isn’t paid within 72 hours, the price can double, and after a few days the files will become permanently locked.

The FBI and many security professionals don’t recommend paying the ransom.  If your computer gets infected, the best course of action is to wipe the machine, reinstall Windows, and then restore from a backup.  If you don’t have a backup of your data, you’re going to be in a real bind.

The good news, if there is any in this situation, is that the virus only infects Windows machines.  That means that your Apple and Android devices are not at risk from this threat.

This will hopefully serve as a wake-up call for many businesses that are still using antiquated technology.  Windows XP has been end of life from Microsoft for over 3 years, and yet it is still common to see in production.  End of life means that Microsoft has not released patches for XP for 3 years!  The longer they have been end of life, the more vulnerable these machines become.

If there is any good that can come from an event such as this, hopefully it is that business owners will finally take these threats seriously.  They should make a plan of action to eliminate such technology from their networks.  This kind of vulnerability highlights just how devastating the effects of such neglect can be.  The problem can be destructive, and the solution is simple.  Use current technology, and do regular maintenance, applying patches and updates as they become available.