WannaCry IT Security Protection Case Study: What You Should Know
The far-reaching WannaCry ransomware attack made international headlines last year when unidentified hackers encrypted the data of more than 200,000 computers in over 150 countries between May 12–14, 2017. Large corporations or tech giants weren’t the only ones targeted. The attack affected an assortment of entities, from financial institutions and hospitals to banks and individuals. Although it only lasted a couple of days, the effects were long lasting—and so were the lessons learned.
Once a computer was infected and its data was encrypted, the WannaCry perpetrators demanded a $300 ransom payment in bitcoin in exchange for restoring the files. The price increased until the end of a countdown, at which point the data would be deleted if the ransom was still unpaid. The attack finally ended when someone discovered a kill switch (just one of the clues that WannaCry was an amateur attack).
The scariest part? All of this could have easily been prevented. It all boils down to the importance of updating systems and backing up files.
The Challenge
WannaCry encrypted the data of so many systems worldwide so quickly because an enormous number of people did not update their computers right away. It all started with an online leak that exposed a vulnerability in Microsoft Windows. EternalBlue is a tool developed by the US National Security Agency that exploited a vulnerability in the Server Message Block (SMB) protocol for network file sharing. Basically, the NSA found out that in some versions of Windows, the SMB protocol could accidentally accept information from remote attackers. The NSA could use this for surveillance purposes. In short, this tool took advantage of a security weakness in Microsoft software. A group of hackers called the Shadow Brokers stole this information from the NSA and leaked EternalBlue online last April.
Fortunately, once the exploit was published (and before WannaCry occurred), Microsoft acted quickly and released a patch for its supported operating systems, Windows 7 and 10. Note that this did not include XP, as Microsoft had announced years earlier (with plenty of notice to users) that support for XP would end on April 8, 2014. Even as other variants of WannaCry came out in the following days, Microsoft continued to release new patches to protect the systems.
The reason WannaCry was successful (despite all of these patches) is that many people failed to update their systems. WannaCry spread like wildfire because, unlike phishing emails, this computer worm wiggled from one infected computer to a healthy computer.
The Solution
Once the kill switch was found, the attack finally came to an end. Microsoft released an emergency patch for XP and Server 2003, although they were under no obligation to do so since they were no longer supporting those systems. Many people learned the hard way that regularly updating your computer systems is vitally important.
Some systems that were infected had backed up their data, so it was more easily recovered without having to pay a ransom.
Avoid Becoming a Victim
As a company, Electronic Office operates in a proactive (and not reactive) way. None of our clients were affected by WannaCry because of the precautions we have in place. As soon as we sensed this threat, we assembled an Incident Response Team and communicated this security alert to our clients. We evaluated all of our clients’ systems, advised them not to turn their computers off, and pushed out any patches that were missing, which we can manage remotely.
What could have prevented this ransomware attack? Everyone must regularly update their computer systems and back up their data.
We’re Here to Help
Following IT news and protecting your data properly can be a lot to keep up with. An IT company like Electronic Office can take care of this for you. We’re always staying on top of the latest threats and trends. Additionally, we constantly evaluate new and emerging technologies to offer our clients. We currently have the most robust data backup platform in the world.
We regularly patch our clients’ systems through a triage policy. We evaluate what is needed and what is not needed. We track the patching state of each of our thousands of endpoints.
EO offers Security Awareness Training to better prepare users for real-world situations. This training can take many forms including fake phishing emails, training videos, and even alerting our clients to real malicious emails that have been sent.
Even if you don’t have confidential information and think nobody is trying to hack your system, you still need a firewall to protect your networks. Purchasing and installing a best-in-breed firewall appliance is just the start and is not a “plug in and forget it” situation. The key is configuring the firewall to the current threat landscape and consistently maintaining it to make sure that networks are protected from new and emerging threats. Other maintenance includes keeping the firewall current from a support, warranty, and software perspective.
IT Assessments are critical for knowing your current weaknesses, strengths, and vulnerabilities. It’s much easier (and less stressful) to have measures in place so that when the next big cyberattack happens, your systems are safe.
Don’t fall victim to ransomware: The work you do and clients you serve are too important. Avoid downtime and the risk of data loss. Get better protection starting today. Contact us for more information.