Refine Your Search

WannaCry Cyberattack: Highlighting the Importance of Cybersecurity

Friday saw one of the largest cyberattacks in recent history, with the WannaCry ransomware infecting over 50,000 machines in over 100 different countries and 28 languages. The attack affected numerous organizations including the National Health Service in the United Kingdom, Telefónica in Spain, and FedEx in the United States.

The Attack
The attack motivated a global and immediate effect due to being packaged as part of an exploit tool called ETERNALBLUE, which leverages a known vulnerability in Windows. The Server Message Block (SMB) vulnerability (MS17-010) was patched in March as part of Windows Updates; however, older systems that are no longer supported would not have received the patch, and many supported systems were simply not updated.

The exploit is delivered via an email attachment, and once detonated, WannaCry spreads the ransomware through RDP sessions and the known vulnerability. The ransomware propagates as far and as fast as possible, encrypting target files and presenting a ransom note to each victim. The ransom notes demand $300 in Bitcoin to unlock the encrypted files.

As of Monday afternoon, the situation seems to have stabilized. A ‘kill switch’ has been triggered to prevent new infections of this variant of WannaCry from spreading and many internal IT departments have quickly scrambled to implement the Microsoft patch over the weekend.

The Bigger Picture
This outbreak highlighted several issues plaguing today’s modern global organizations. First, many organizations are still running outdated versions of Windows that are no longer supported by Microsoft, which represent a significant risk. Secondly, many organizations did not implement the patch on their supported systems. This signifies a larger issue around patch and configuration management and highlights the importance of maintaining a strong patch management program to help protect the security of your systems and data.

A mature patching program should receive, test, and implement patches from its vendors promptly, with an expedited process available for critical security patches, as was the case with MS17-010. (The MS17-010 patch was released two months ago, with a ‘critical’ security status).

What can you do now?
User awareness and training are the best prevention against ransomware and email phishing attacks.

Individuals and small businesses should follow these critical steps:

  1. Perform Windows Update on all machines to ensure the latest software patches have been applied.
  2. Ensure your anti-virus product is up to date and scans your system on a frequent basis.
  3. Ensure your organization’s data is backed up regularly.
  4. Have a strong data backup program that can protect you and your small business.

For larger organizations, follow these steps:

  1. Apply the latest Microsoft security patches to all Microsoft servers in your environment.
  2. Ensure all critical data is backed up regularly and conduct backup tests to ensure usability.
  3. Confirm your anti-virus is up to date and has completed regular scans over the last 24- to 36-hour period.
  4. Continue to educate your employees on the importance of security awareness, identifying email threats, and understanding the necessary steps they should take to report a suspected issue.

 

If you’d like to discuss cybersecurity and your organization further, please contact our cybersecurity team.