By now you’ve surely heard about WannaCry, the large-scale ransomware attack that spread across at least 150 countries last week, taking down more than 300,000 computers (as of this writing) in its path of destruction.
We’ve talked about various ransomware programs in the past, and while this attack has certainly done serious damage, what made WannaCry a game-changing ransomware virus is the way it adopted the ability to self-propagate like a worm: there is no user interaction required after the initial activation.
First things first: here’s a quick recap of WannaCry.
Like normal ransomware, WannaCry malware is spread through phishing emails containing an encrypted file. Because this file is encrypted, your computer’s security system is unable to identify it as a malicious attachment. If a user downloads the attachment, the malware will gain access to the device, encrypt the data, and then demand that the user pay a ransom to restore access.
What’s not normal, though, is how WannaCry was created.
"The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency," Microsoft President and Chief Legal Officer Brad Smith explained. He said that when the NSA lost control of the software behind the cyberattack, it was like "the U.S. military having some of its Tomahawk missiles stolen."
The good news for you is, so far, there have been very few victims in the United States. Most victims have been in Europe and Asia. However, this could change, so don’t get too comfortable just yet.
A New Normal
Prior to 2013, a computer virus was just an annoyance – granted, a big one – but the damage it did was generally contained. Ransomware changed that, as it took what was once a frustrating experience and turned it into a hostage situation. WannaCry marks another pivotal moment in cybersecurity history because of its ability to self-propagate; no longer does ransomware need to rely on emailing itself to a user’s contact list, hoping someone will download its attachment.
We’ve begun to see a new pattern of normal behavior relating to ransomware:
- An exploit is exposed (more and more often through government agency leaks: backdoors that the NSA and others had in place come to light and are used against us)
- Malware, mostly ransomware, is released, leveraging the exposed exploit to hold data hostage
- Vendors race to patch the exploit to prevent the malware from spreading
- IT departments race to put in patches
- Government agencies race to take malware and control servers offline
- A new variation of malware appears, or a new exploit gets exposed
While the steps above may take place in a slightly different order (malware might not be released until vendors and IT departments are racing to put in patches), the point remains that we will continue to see new ransomware developed and deployed because of exposed exploits.
How to Protect Yourself from Future WannaCry and Other Ransomware Exploits
We’ve talked at length in the past about the importance of downloading and installing your operating system’s system updates, as well as why you should only use an operating system that still receives support in the form of security updates, but our advice bears repeating.
In general, the best way to protect your business continues to be by creating a strong layered defense, educating your users to avoid triggering an attack, and keeping up with IT best practices (such as staying up-to-date with patches and always having backups of data) to help mitigate damage should your business fall victim to ransomware.
Cybercriminals are constantly searching for ways to exploit popular operating systems and programs. As these exploits are discovered, the developers of the programs will release updates to help protect your computer from becoming compromised. If you don’t install these security patches, you put your computer at risk. It’s worth mentioning that, in this case, the government had been using such exploits but failing to alert vendors. Security patches could have been released to prevent the current global infection rate, but instead, victims are left scrambling to try to mitigate the damage.
When a program becomes so old the developer no longer releases security updates, like with Windows XP, all users are left at risk. That’s why security experts urge users to stay up-to-date with their operating system and other programs.
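The two risks described above, an operating system that no longer receives security updates and a supported one that is missing a released patch, can be checked across a device inventory. The sketch below is an added example, not part of the original article or any Switchfast tooling; the host names, patch IDs and patch release dates are constructed sample data, while the end-of-support dates are Microsoft's published lifecycle dates.

```python
from datetime import date

# Vendor end-of-support dates (Microsoft's published lifecycle dates).
END_OF_SUPPORT = {
    "Windows XP": date(2014, 4, 8),
    "Windows Server 2003": date(2015, 7, 14),
    "Windows 7": date(2020, 1, 14),
    "Windows 10": date(2025, 10, 14),
}

# Constructed sample data: patch IDs, release dates and hosts are made up.
REQUIRED_PATCHES = {"PATCH-A": date(2017, 3, 1), "PATCH-B": date(2017, 5, 1)}
INVENTORY = [
    {"host": "front-desk", "os": "Windows XP", "patches": {"PATCH-A"}},
    {"host": "acct-01", "os": "Windows 7", "patches": {"PATCH-B"}},
    {"host": "acct-02", "os": "Windows 7", "patches": {"PATCH-A", "PATCH-B"}},
    {"host": "kiosk", "os": "Embedded Thing 2.1", "patches": set()},
]

def audit_host(rec, required, as_of):
    """Return (status, detail) for one inventory record as of a given date."""
    if rec["os"] not in END_OF_SUPPORT:
        return ("REVIEW", "OS not in lifecycle table")
    eos = END_OF_SUPPORT[rec["os"]]
    if eos < as_of:
        # Installed patches are irrelevant here: newly exposed exploits
        # will not be fixed on an OS the vendor has stopped supporting.
        return ("UNSUPPORTED_OS", f"support ended {eos.isoformat()}")
    missing = {p: d for p, d in required.items()
               if d <= as_of and p not in rec["patches"]}
    if missing:
        days = (as_of - min(missing.values())).days  # oldest open gap
        return ("MISSING_PATCH",
                f"{','.join(sorted(missing))}; exposed {days} days")
    return ("OK", "supported and current")

def audit(inventory, required, as_of):
    """Audit every host and return rows sorted with the riskiest first."""
    order = {"UNSUPPORTED_OS": 0, "MISSING_PATCH": 1, "REVIEW": 2, "OK": 3}
    rows = [(r["host"], *audit_host(r, required, as_of)) for r in inventory]
    return sorted(rows, key=lambda row: (order[row[1]], row[0]))

if __name__ == "__main__":
    for host, status, detail in audit(INVENTORY, REQUIRED_PATCHES,
                                      date(2017, 5, 15)):
        print(f"{host:12} {status:15} {detail}")
```

The "exposed N days" figure is the time since the oldest missing patch was released, which is the window the patching race described earlier is trying to close.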
In addition to always using the most secure version of your OS and applications, educate your end users to be vigilant when opening emails – these attacks often stem from malicious attachments, making it crucial that they only download attachments from people they know (and only when they are confident that an email from someone they know isn’t actually spoofed). To learn more about how to protect your business from ransomware, we encourage you to read our free guide here.
Thankfully, Switchfast’s rigorous patching process helped protect our managed clients from this serious and widespread attack. We haven’t had any clients impacted by WannaCry, and will be continually monitoring the situation as we learn more about this ransomware virus and copycat viruses looking to capitalize on the success of the original copy.
Written by Nik Vargas