When Worms Make You Wanna Cry

Ransomware raising its ugly head again...

Across the globe this past week and especially into the weekend, the world of computer security had a bit of a wake-up… to the tune of over 100,000 users infected in over 100 countries by Saturday afternoon! It has affected everything from home consumers to major organizations. Reported among the victims are the Spanish telecommunications company Telefonica and at least 16 National Health System facilities. The worm doesn’t care!

Now before you panic, there is a lot you should know about what is happening. CisCom is about empowering informed decisions, so read on to know how you can keep your business safe in these situations.

 

What is WannaCry?

This is a very good question, because in all reality, it shouldn’t even be something we are talking about. The vulnerability that the worm exploits was discovered in February and patched by Microsoft in March, and yet… here we are post-Mother’s Day with a small panic of ransomed computers.

WannaCry (or WannaCrypt, WanaCrypt0r, WCrypt, WCRY, you get the idea) is a ransomware virus like so many others. Once your computer is infected, your files become encrypted, and a message is displayed demanding money for the release of your personal or business information. Like most ransomware, there is no guarantee that paying the ransom will work either. After all, it is a criminal that infected your machine, and there is no honor among thieves.

Unlike most ransomware, this variant requires little-to-no interaction from an end user to start wreaking havoc. There is still the initial weak-point entry of an unsuspecting employee falling victim to social engineering and a phishing scam, but after that, the little worm does its thing all on its own. It quickly embraces its new-found freedom and executes commands that encrypt your files and then search out other vulnerable PCs and servers within your office network. Cute, huh.

 

 

How to protect against it?

Like most things, the best protection is a good prevention! If you want to keep an engine running smooth, change your oil. Want your clothing to last longer? Wash them frequently, fold them, and hang them up. Want a healthy lawn? Water and mow regularly… or in the case of most yards around the “Kentuckiana” areas these days, just mow. The point is you can go without an oil change for as long as you want to risk it, leave dirty clothes in piles everywhere, or grow a mini jungle in your backyard. However, we all know that you’re just asking for engine problems, people won’t want to be around you, and even though your mower can take on the Amazon… it shouldn’t have to.

The same applies to the servers and workstations being used in your place of business.

Our partners at BitDefender had this advice to offer on protection:

1. Disable the Server Message Block service on the computer if patching is impossible.
2. Install the patch.
3. Back up your data on offline hard drives. The ransomware malware will encrypt files on external drives such as a USB thumb drive, as well as any network or cloud file stores.
4. Patch and Update your software and make sure you have all Windows updates on your machine.

 

Yet another CisCom partner, SonicWall gave some very useful tips in a blog entry including this one:

Ensure all email security services are also up to date to block malicious emails. Since 65% of all ransomware attacks happen through phishing emails, this needs to be a major focus when giving security awareness training.

 

Two very critical pieces can be pulled from those tips: keep your systems updated and invest in security awareness training. According to Microsoft, not only was this vulnerability patched back on March 14th of this year, but the worm was only designed to attack Windows 7 and Windows Server 2008 (or earlier) systems. This is important. What some are calling the biggest ransomware outbreak in history could have been prevented entirely. It wasn’t a clever hacker that is 100% at fault here. It was government and corporate negligence in prioritizing their security standards.

That brings me to security awareness training. Your company needs it. No no. Trust me. You do NEED it. Like every other malware attack ever, it only gains entrance to your system by someone opening the door and letting it in. Phishing emails are the equivalent of a stranger knocking at your door, walking up to your safe, and telling you something interesting. Then you hand them the code to get in, because they were familiar sounding, good looking, or funny. Your company needs security awareness training because of enterprise-level “stranger danger”. Social engineering is a deep-pocketed, cutting-edge industry at this point, and simply thinking that you can go on without proactive training for your people is asking for trouble.

Lastly, in the event an infection does occur, having an offsite backup solution is critical. Without a backup, you are at the mercy of either the hacker’s demands or crushing data loss. With a solid backup plan, you can simply wipe, restore, and move on about your merry day with little interruption. Take that, criminals!

Per the usual, these items can be a lot to keep track of if your resources are tight or simply inefficient. If you need to upgrade your security or simply need someone to keep an eye on things while you focus on running a successful business, hiring a quality MSP (managed service provider) such as CisCom Solutions can be a tremendous weight off your shoulders. After all, your shoulders are already tired from all the oil changing, clothes folding, and jungle mowing.

Looking to rest easy? Contact us today for more information on how the friendly professionals at CisCom can help your business!