You may have heard by now about the huge, global ransomware attack that began on May 12th and endured for three days into the following week. It is the largest ransomware attack to date, and it has caused quite an uproar in the business world, disrupting and even dismantling some operations. What determines the severity of this attack, and others, for individual organizations? Vulnerabilities. If you don't want to become a victim of the WannaCry malware, and nobody should, you need to learn more about the malware itself and about prevention methods. Let's start with a bit of background on WannaCry.
What gave birth to WannaCry Ransomware?
Cyber security experts point the finger at the National Security Agency (NSA). The NSA apparently discovered the vulnerability in Microsoft Windows operating systems some time ago and kept the information secret so it could exploit the vulnerability for its own intelligence activities. Earlier this year, a group calling itself ShadowBrokers leaked the code for NSA cyber spy tools online, including the NSA hacking tool called EternalBlue. It didn't take long before cybercriminals were at work creating the WannaCry ransomware. Once the infection got started, the trojan infected a certain number of computers and then began to spread like wildfire, using the vulnerability in the Windows Server Message Block (SMB) protocol to infect other computers on the same networks and then on connected networks.
Are all Windows operating systems at risk?
When Microsoft learned of the vulnerability, the company created security patches for all of its currently supported operating systems and released them this past March. For computers that update their operating system through the automatic Windows Update feature, the vulnerability is no longer an issue. Users can also install the security patch manually. Consider yourself fortunate if you did this.
Before the attack, the problem was still an issue for the legacy operating systems Windows XP, Windows 8, and Windows Server 2003, which are no longer covered by Microsoft security patches. However, after the attacks were discovered, Microsoft made security patches available for those legacy systems as well. Users who run one of these legacy systems and have not installed the security patches should do so immediately, and of course from a secure server.
A Serious Global Issue
How many computers are we talking about? Within a few hours of the attack the virus had affected more than 100 countries and infected more than 200,000 computers. Unlike most viruses, WannaCry did not seem to rely on emails for the initial contact. It appears that the virus propagated itself once it had invaded a certain number of computers, without relying on users to click on an email.
Where was the attack centered?
Russia and China were hardest hit. Russia's infection spread to 1,000 computers in its Interior Ministry as well as banks and mobile phone systems. In China, however, the virus infected more than 30,000 computers, many of them universities. China is vulnerable to cyber attacks because it encourages the use of pirated software.
Here in the United States, the virus infected Federal Express in the initial attack, but it does not appear to have affected any U.S. government systems. In Spain it attacked telecommunications systems and gas utilities, and in France, Renault had to stop automobile production.
What was the ransomware demand?
The demand and payment make this attack interesting. The virus encrypted files and then displayed a screen message demanding $300 worth of Bitcoin. If the ransom remained unpaid after three days, it increased to $600 worth of Bitcoin. After seven days without payment, the ransomware threatened to destroy the encrypted files, and all data would disappear forever. Researchers found only three Bitcoin wallets, holding a total of about $50,000 in payments. For such a widespread attack, these numbers are quite low. Security experts say the attackers were not set up very well for Bitcoin payments.
Protecting yourself against ransomware
You've heard most of this advice before, but it still holds true, and more so when attacks like this occur. Know that they will continue to happen: just because you weren’t attacked this time doesn’t mean you won’t be vulnerable in the future. Cybercriminals are often intelligent and quite sophisticated in their attacks, often upping the ante from any previous large-scale ones. You might be familiar with the following, but people all across the world still do these things:
- Don't open emails from senders you don't recognize. It’s simple. Just don’t do it.
- Do not click on unknown attachments. Curiosity gets the best of us, but don’t let it dismantle your entire organization.
- The same is true for links in emails. They aren’t harmless, and even when they are in an email from a familiar email address, check it!
- Enable your Windows Update function so that all security patches update when released. This way you won't forget to do it.
- Perhaps most important of all is to back up files on a separate server from the main computer. Consider backing up to the cloud or using an external drive that unplugs when not in use.
- Users of legacy Windows operating systems may want to consider upgrading as soon as possible, since those systems are no longer supported by Microsoft patches.
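As an added example (not from the original post), a PowerShell audit a Windows administrator can run on one host to verify the patching advice above, and, going one step beyond the list, whether the SMBv1 server protocol the worm spread over is still enabled. The KB number is a placeholder because the article does not give it; look it up in Microsoft's security bulletin for your Windows version.

```powershell
# Added audit script, not part of the original post. Checks automatic updates,
# the SMB security patch, and (an extra hardening step the article does not
# list) whether the SMBv1 protocol is still enabled on this host.
# Requires an elevated Windows PowerShell 5.1 session on Windows 8.1 / Server 2012 R2 or newer.

# Placeholder: the article gives no KB number. Until you replace it with the
# identifier from Microsoft's bulletin, check 2 below always reports "missing".
$RequiredKBs = @('KB<number-from-Microsoft-bulletin>')

$findings = @()

# 1. Automatic updates: the Group Policy value NoAutoUpdate=1 switches them off,
#    and the wuauserv service must not be disabled for updates to install.
$auKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$noAuto = (Get-ItemProperty -Path $auKey -Name NoAutoUpdate -ErrorAction SilentlyContinue).NoAutoUpdate
if ($noAuto -eq 1) { $findings += 'Automatic updates are disabled by policy (NoAutoUpdate=1).' }

$wu = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
if ($null -eq $wu -or $wu.StartType -eq 'Disabled') {
    $findings += 'Windows Update service (wuauserv) is missing or disabled.'
}

# 2. Security patch: look for the required KB(s) among installed hotfixes.
$installed = (Get-HotFix).HotFixID
foreach ($kb in $RequiredKBs) {
    if ($installed -notcontains $kb) { $findings += "Required update $kb is not installed." }
}

# 3. SMBv1: if the server-side protocol is still on, the host still exposes the
#    attack surface the worm used, even after patching. The cmdlet exists on
#    Windows 8 / Server 2012 and newer; older systems fall into the catch block.
try {
    $smb1 = (Get-SmbServerConfiguration -ErrorAction Stop).EnableSMB1Protocol
    if ($smb1) {
        $findings += 'SMBv1 server protocol is enabled; disable it with Set-SmbServerConfiguration -EnableSMB1Protocol $false.'
    }
} catch {
    $findings += 'Could not query SMB configuration (legacy OS?); verify SMBv1 status manually.'
}

if ($findings.Count -eq 0) {
    Write-Output 'PASS: automatic updates on, required update installed, SMBv1 disabled.'
} else {
    Write-Warning "Found $($findings.Count) issue(s):"
    $findings | ForEach-Object { Write-Warning "  - $_" }
}
```

Run it on each Windows host after patching; any warning line is a control that still needs attention before the machine can be considered protected.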
Depending on your business type (some are targeted more often than others), the above will only help limit some attacks. Don’t be the business that thinks it won’t be targeted. Your operating expenses should have a high-priority line item for this type of protection. Why? If your business is severely impacted, nothing else will matter. If you don’t have the staffing or systems in place now, consider a cloud-based solution such as DeviceGuardian™, which can easily be installed on any existing or new device. This allows Access Business Technologies to securely manage all of your mortgage software, data, and users. The best part is that ABT takes one of the most important aspects of your business off your plate, efficiently and effectively managing your data security without skyrocketing your company’s expenses.
In other news of the when-it-rains-it-pours variety, DocuSign confirmed today that hackers maliciously accessed a separate, non-core system and stole more than 100 million email addresses from the company, and only email addresses. The hackers took no personal information or postal addresses. It is just another indication, however, that everyone needs to stay vigilant. Cyber criminals make a living off of your vulnerabilities. As mentioned earlier, even if you weren’t attacked this time around, it doesn’t mean your company’s backend won’t be targeted next time. To find out how to protect your company from making negative headlines like DocuSign and FedEx, contact us. ABT has an internal department that monitors all viruses, scams, malware, ransomware, cyber-attacks, etc. We work closely with hundreds of Microsoft IT security team members and have developed a cyber-security solution that we have successfully executed for more than 500 mortgage companies, banks, and credit unions.