What is WannaCry Ransomware? How to Avoid the Threat
According to reports, a ransom note was delivered to the computers of personnel working for organisations such as the National Health Care Service in the United Kingdom and Telefonica in Spain on the morning of May 12th.
Within a few days, security professionals estimated that the WannaCry ransomware cryptoworm had infected more than 230,000 machines in more than 150 countries.
It is believed that WannaCry infected devices running older versions of Microsoft Windows as it moved across the internet.
Since then, a researcher has found a “kill switch” in the worm’s code. Just by registering a domain, he was able to slow down the attack. The group over at Security Intelligence has done a masterful job of following the attack. They are updating their findings on their website.
After the initial shock of the attack wore off, companies were left to deal with the fallout. That is what I would like to discuss today. I will look at the current state of IT since the attack and some of the changes I expect to happen in the wake of this event.
The Patch Management Conundrum
WannaCry initially hit some large companies. That helped drive recognition of the attack but also brought into question why so many computers were running without the latest Windows security patches. So how is it possible that established companies are running on unpatched systems?
There’s no simple answer to this question, but I have a few ideas that might help us understand why larger companies suffered the most. First, many IT administrators use group policies that control when and which patches Windows can install.
Some might wonder why IT would not just default to installing every security patch that Microsoft makes available. The fact is that some patches are not compatible with company applications. IT wants to test each patch on a few machines before rolling out updates to the entire company. This is usually an intelligent approach to patch management, but the delay it introduces is a gap that WannaCry was able to exploit with great success.
Microsoft has aggressively marketed Windows 10 to consumers and business customers. They even made it free or nearly free for a limited time. But not all hardware can run the latest version of Windows. That is one explanation for why most computers that were hit by the attack were running Windows 7. A much smaller number were running Windows XP or Windows Server 2003.
One thing we can be certain of is that attacks like these result in many Windows licences being sold as corporations retire old hardware and replace it with new machines. I’m sure the technically skilled will say that the attacks will hasten the transition to Linux, but that assertion is based on several assumptions.
Because a large amount of corporate software is dependent on Windows, switching to another platform is both expensive and time-consuming. If your firm is still using an outdated version of Windows that Microsoft no longer supports, you are putting yourself in a vulnerable situation.
The Cloud Consultant’s Role
The consultant’s role in the wake of attacks is an interesting one. Companies may listen to your advice because they do not want to be the next victim. Maybe this is an excellent time to retire that older hardware and move to new PCs.
Alternatively, move some employees to a DaaS or VDI solution. The cloud mitigates some of the risks, but not all. It is still too early to tell, but I expect cloud providers to use WannaCry as a reason to move more computing to the cloud. Consultants should have a good idea of where that makes sense and where it does not.
No matter what you do, this is your time to shine. While some consultants will jack up their prices to take advantage of the situation, you can be the calm, level-headed voice. This is also a great time to push for better security practices and end-user education. Those often make for a tough sell during calm times.
Ransomware Is Modern Warfare
Ransomware is modern warfare, and it’s an issue that needs to be taken seriously. It’s a type of malicious software that locks computers or encrypts data and then demands payment for access. Ransomware can cause serious financial hardship and disrupt operations in both the public and private sectors. Companies can lose millions of dollars if they don’t have backups or insurance coverage to help them recover from a ransomware attack.
It is estimated that ransomware cost businesses nearly $8 billion worldwide in 2018 alone. Healthcare organizations, energy companies, government agencies, law enforcement agencies, educational institutions, and other critical infrastructure are all vulnerable to these attacks.
We have already witnessed nations turning to cyberwarfare to disrupt their enemies or gain a political advantage. The Stuxnet worm was one of the first widely known worms that targeted Iran’s nuclear program. More recently, someone hacked into the email servers belonging to the Republican and Democrat parties in the United States.
Deploying cyber weapons on an enemy can do as much damage as bombs and missiles. Imagine a criminal getting into the water treatment centre or transportation hub of a city the size of New York. Or consider the mayhem one could cause by taking over the air traffic control system. It is a scary thought.
The Need For Better Backups
As of a couple of days ago, those who created WannaCry had collected about $70,000 in ransom payments. That is not a large amount, given the number of infected computers. However, it does show that some victims felt they had no choice but to pay the ransom. That is unfortunate.
I am not placing blame because I’d probably pay the $300 if that were my only option. This underlines the need for every individual and company to have a solid backup plan. Taking a full system backup is a great solution for those who need to minimise downtime. At the very least, you need to back up your most critical files to an on-prem file share or cloud service. The sad fact is that those companies running older versions of Windows are the least likely to have a backup plan.
If you are an IT consultant, now is the time to help your clients understand the importance of backups.
WannaCry provides a real-world example for you to share with them. If anything good can come from the attack, WannaCry may help replace out-of-date computers running unpatched software.
Conclusion: WannaCry is Just the Beginning
Even though WannaCry did a lot of harm, things could have gone much worse. The worm was slowed down by an engineer’s rapid thinking, which may have prevented it from infecting tens of thousands or even hundreds of thousands of machines. WannaCry knockoffs are already beginning to appear all over the world. Furthermore, we depend on Microsoft to keep our networks and systems secure. Even the best operating systems still contain faults and vulnerabilities. Installing the most recent patches is beneficial and would have halted WannaCry in its tracks.
Where possible, use contemporary gear with a modern operating system to defend yourself against cyberattacks. It is simply absurd to think that you can segregate outdated machines and keep them off the network. Operating Windows XP is no longer justified in any way. We are now too interconnected for that to be a valid policy. Continue to patch your computers. But have a fallback strategy as well. Educate your users whenever you can. And anticipate further assaults. That is the world we live in today.