If you’ve happened to catch the news from any media source lately, you might have noticed just a touch of mass hysteria from the press about a widespread Ransomware attack known as WannaCry. The unfortunate truth is that Ransomware and other malware attacks similar to WannaCry occur all the time and will continue to occur for the foreseeable future. The media just now seems to be taking significant notice of what has been a long-time, serious threat to businesses and individuals worldwide.
The key takeaway from this recent event is not to panic, but rather to make sure your company has taken all the necessary steps to protect itself against the many different types of cyber threats that already exist as well as those that will certainly arise in the future.
What is Ransomware?
Ransomware is a Trojan virus that gains access to systems normally through “phishing” messages sent to company employees via unsolicited emails, links and attachments. The bad actors “phish” for responses (involving clicks on links or opening attachments) by tempting individuals with interesting links or offers that seem to be great deals or contain some valuable information. Once the virus gains access to the user’s system it immediately locks out legitimate users via encryption from their website and/or from critical data files until a ransom is paid. The ransom amounts vary greatly and often are demanded in the form of the unregulated digital currency known as Bitcoin. Once the victim pays the ransom, they are then sent a decryption key to regain access to their system. However, sometimes the ransom is paid and either nothing or a non-working key is sent, making the experience that much worse. Most experts discourage the payment of ransom because of this possibility. They also maintain that paying the ransom only emboldens cyber criminals to launch more attacks.
Summary of WannaCry Ransomware Attack
The WannaCry ransomware attack locked down computers worldwide by taking advantage of a security vulnerability in Microsoft operating systems older than Windows 10, specifically in an outdated feature known as SMBv1. Both desktops and servers have been frozen by this infection. In the last few months, Microsoft had sent out security updates specifically to remedy this problem, but many infected users never properly updated their systems. In addition, many individuals and companies using pirated versions of operating systems were vulnerable to this cyberattack. China was hit especially hard because of the prevalence of illegal versions of Windows operating systems.
A well-organized team of hackers calling themselves “Shadow Brokers” is behind this disruptive event, with experts theorizing that they are exploiting a bug first discovered by the US National Security Agency (NSA). As noted in the opening paragraph, there is nothing unique about the phishing methods of the WannaCry ransomware attack, but some experts are saying it has the potential to become the most widespread of any ransomware event. The latest estimate is that more than 300,000 computers have been infected in at least 150 countries. Notable companies and organizations that have been impacted by this attack include the UK’s National Health Service, Russia’s Interior Ministry, FedEx, and Germany’s national train system.
The WannaCry ransomware hackers are demanding a ransom of $300 worth of Bitcoins to unlock a victim’s system. If this amount is not paid in three days the ransom doubles. After a week of no payment, the virus is designed to delete all encrypted files. There are reports that the equivalent of about $60,000 in ransom has been paid out by various victims so far. Some observers suggested that the relatively small amount of ransom money demanded by the hackers emphasizes that this attack is more a show of force than an attempt to get rich.
Interestingly, the pace of the infection was slowed dramatically by a 22-year-old cybersecurity expert, Marcus Hutchins, known as MalwareTech. While studying the virus, Hutchins accidentally found a “kill switch” the hackers had built into their attack, which involved registering a specific domain name. He spent $10 to register the domain name and dramatically halted the spread of the infection. This lucky development bought time for security experts, particularly in the US, which hadn’t been hit as hard yet, to update and patch security weaknesses. The bad news: new versions of WannaCry ransomware have already been detected that do not have the same kill switch.
How Network Depot Protects Clients Against Malware and Ransomware like WannaCry
At Network Depot we believe in using a system of barriers similar to a castle’s defenses to effectively protect a company’s IT assets. Here is a brief summary of these barriers:
- Firewall: We use SonicWall firewall as your first line of defense. Think of it as a well-designed perimeter defense.
- Local Antivirus: We make sure we have the latest and most effective antivirus applications installed on your workstations. However, using just antivirus applications will only protect you from about 60% of malware threats.
- System Updates and Patching: We make sure to install all patches and system updates recommended by software and hardware providers. These tools are crucial in addressing known vulnerabilities that cyber criminals often exploit, such as with WannaCry.
- Email Spam Filter: We use a third-party anti-spam solution located outside of your network to block any suspicious emails from getting delivered to your mailbox.
- Backups: We robustly back up all servers on a continuous basis. In the unlikely event that the malware penetrates all the barriers described above, we will be in the position to quickly recover and restore your critical data.
Steps You Can Take to Protect Yourself and Your Company Against Malware
- Remember that employees are always the weakest link: Do not use unfiltered personal email at work or on company networks. This is the most common source of ransomware infections. Train your employees thoroughly in the best security procedures stressing that they should never engage in the following risky behaviors on their work devices: clicking on website links, visiting unknown websites, downloading illegal or pirated software and media, opening attachments, and responding to email offers. Your employees should also always use strong passwords and practice password change control.
- Limit the number of employees with access to sensitive information: We recommend only allowing highly-trained and security-conscious employees to have access to sensitive data. In addition, we recommend that these selected personnel only receive the minimum amount of access necessary in order to effectively carry out their responsibilities.
- Be suspicious of phone calls from “Helpdesk employees” requesting access to your device: Many cyber criminals pose as Helpdesk personnel or representatives from Microsoft Support and request access to your device via phone calls or chat messages. Our CEO compares this to a vampire slyly requesting to be invited into your house, as this is the only way they can gain entry. Don’t ever invite potential hackers into your network. In short, always be suspicious. Call Network Depot or your IT Support provider directly to ensure you are receiving proper assistance from a legitimate source.
- Don’t get hooked by Phishing emails: Always be wary of seemingly legitimate emails pointing to strange links or attachments or requesting access to sensitive data. A new twist is “Boss Phishing,” when you receive unusual or urgent requests seemingly from your boss or another known source. If the request involves access to anything sensitive or is related to money, always contact the source directly (via a phone call) to verify the request.
- Remember to Reboot Your PC: Always reboot your PC after you have received and completed an update request. Rebooting allows your system to apply the necessary updates to protect your network.
- Work with an IT Support expert: There’s no substitute for experience and expertise. We recommend you use a reliable IT Support provider, such as Network Depot, to test the vulnerability of your website and network. A skilled IT professional can conduct vulnerability scanning and penetration testing of your company website and your entire network. It is also important to work with an expert to ensure your company has robust backups in place along with a comprehensive disaster recovery plan in case your system is breached or compromised in any way.
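Three of the points above (SMBv1 exposure, keeping patches current, and rebooting after updates) can be checked on a single Windows machine with a short read-only script. The PowerShell below is an added example, not Network Depot's own tooling; the 35-day patch-age threshold and the function names are assumptions chosen for illustration.

```powershell
# Added example: read-only audit of SMBv1, patch recency and pending reboot.
# Run in an elevated PowerShell session. The SMB cmdlet exists on
# Windows 8 / Server 2012 and later; on older systems the check returns $null.
$MaxPatchAgeDays = 35   # assumed threshold, not a value from the article

function Test-PendingReboot {
    # Registry keys Windows creates when an installed update still needs a restart.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    )
    foreach ($k in $keys) { if (Test-Path $k) { return $true } }
    return $false
}

function Get-Smb1ServerState {
    # $true means this machine still accepts inbound SMBv1 connections.
    try { return [bool](Get-SmbServerConfiguration -ErrorAction Stop).EnableSMB1Protocol }
    catch { return $null }   # cmdlet unavailable or insufficient rights
}

function Get-LastPatchAgeDays {
    # Age in days of the most recently installed hotfix, or $null if unknown.
    $last = Get-HotFix | Where-Object { $_.InstalledOn } |
            Sort-Object InstalledOn -Descending | Select-Object -First 1
    if ($last) { return [int]((Get-Date) - $last.InstalledOn).TotalDays }
    return $null
}

$age = Get-LastPatchAgeDays
[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    Smb1ServerOn     = Get-Smb1ServerState
    LastPatchAgeDays = $age
    PatchStale       = ($null -eq $age) -or ($age -gt $MaxPatchAgeDays)
    RebootPending    = Test-PendingReboot
} | Format-List

# Mitigation, left commented out so the script stays read-only:
# Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
```

A machine that reports `Smb1ServerOn : True`, `PatchStale : True` or `RebootPending : True` is the kind of system the WannaCry summary above describes as exposed.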
No one can say when the next major WannaCry-type cyber attack will occur, but there is no doubt that it is only a matter of time. More importantly, there will also be persistent, smaller cyber attacks that will never cease as long as cyber criminals can cause disruption and earn money from their nefarious efforts.
Equipped with this valuable knowledge and the assistance of a reliable IT Support provider, your company will be able to effectively protect itself against the inevitable malware attacks the world will face in the future.
This article was written by Network Depot’s Marketing Director, Chris Sylvester.
For assistance with cybersecurity or any other IT-related issues, please contact us here at Network Depot.