According to reports, a ransom note was delivered to the computers of personnel working for organisations such as the National Health Care Service in the United Kingdom and Telefonica in Spain on the morning of May 12th.
Within a few days, security professionals estimated that the WannaCry ransomware cryptoworm had infected more than 230,000 machines in more than 150 countries.
It is believed that WannaCry infected devices running older versions of Microsoft Windows as it moved across the internet.
Since then, a researcher found a “kill switch” in the worm’s code. By just registering a domain, he was able to slow down the attack. The group over at Security Intelligence has done a masterful job of following the attack. They are updating their findings on their website.
After the initial shock of the attack wore off, companies were left to deal with the fallout. That is what I would like to discuss today. I will look at the current state of IT since the attack and some of the changes I expect to happen in the wake of this event.
The Patch Management Conundrum
WannaCry initially hit some large companies. That helped drive recognition of the attack but also brought into question why so many computers were running without the latest Windows security patches. So how is it possible that established companies are running on unpatched systems?
There’s no simple answer to this question, but I have a few ideas that might help us understand why larger companies suffered the most. First, many IT administrators use group policies that control when and which patches Windows can install.
Some might wonder why IT would not just default to installing every security patch that Microsoft makes available. The fact is that some patches are not compatible with company applications. IT wants to test each patch on a few machines before rolling out updates to the entire company. This is usually an intelligent approach to patch management, but the delay it introduces is a flaw that WannaCry was able to exploit with great success.
Microsoft has aggressively marketed Windows 10 to consumers and business customers. They even made it free or nearly free for a limited time. But not all hardware can run the latest version of Windows. That is one explanation for why most computers that were hit by the attack were running Windows 7. A much smaller number were running Windows XP or Windows Server 2003.
One thing we can be certain of is that attacks like these result in many Windows licences being sold as corporations retire old hardware and replace it with new machines. I’m sure the technically skilled will say that the attacks will hasten the transition to Linux, but that assertion is based on several assumptions.
Because a large amount of corporate software is dependent on Windows, switching to another platform is both expensive and time-consuming. The reality is that if your firm is still using an outdated version of Windows that Microsoft no longer supports, you are putting yourself in a vulnerable situation.
The Cloud Consultant’s Role
The consultant’s role in the wake of attacks is an interesting one. Companies may listen to your advice because they do not want to be the next victim. Maybe this is an excellent time to retire that older hardware and move to new PCs.
Or to move some employees to a DaaS or VDI solution. The cloud mitigates some of the risks, but not all. It is still too early to tell, but I expect cloud providers to use WannaCry as a reason to move more computing to the cloud. Consultants should have a good idea of where that makes sense and where it does not.
No matter what you do, this is your time to shine. While some consultants will jack up their prices to take advantage of the situation, you can be the calm, level-headed voice. This is also a great time to push for better security practices and end-user education. Those often make for a tough sell during calm times.
Ransomware Is Modern Warfare
The operating system has become a kind of public utility, in the same way as the roads, the post office and the schools we all use. Shutting down a highway or the post office will have massive adverse effects on society. The same goes for the operating system. Some would also put Google’s search engine into the same discussion, and I agree with them. Roads and schools must be maintained to be safe and effective. So must operating systems.
The bad news is that operating systems are proliferating at a record clip. They are not just for desktops, laptops and phones. Today our watches, thermostats, security systems and appliances require an operating system. That makes for incredibly compelling devices.
However, it also raises the risk that hackers could use them for harm.
We have already witnessed nations turning to cyber-warfare to disrupt their enemies or gain a political advantage. The Stuxnet worm, which targeted Iran’s nuclear program, was one of the first widely known examples. More recently, someone hacked into the email servers belonging to the Republican and Democratic parties in the United States.
Deploying cyber weapons on an enemy can do as much damage as bombs and missiles. Imagine a criminal getting into the water treatment centre or transportation hub of a city the size of New York. Or imagine the mayhem one could cause by taking over the air traffic control system. It is a scary thought.
The Need For Better Backups
As of a couple of days ago, those who created WannaCry had collected about $70,000 in ransom payments. That is not a large amount given the number of infected computers. However, it does show that some victims felt they had no other choice than to pay the ransom. That is unfortunate.
I am not placing blame because I’d probably pay the $300 if that were my only option. This just underlines the need for every individual and company to have a solid backup plan.
Taking a full system backup is a great solution for those who need to minimise downtime. At the very least, you need to back up your most critical files to an on-prem file share or cloud service. The sad fact is that those companies running older versions of Windows are the least likely to have a backup plan.
If you are an IT consultant, now is the time to help your clients understand the importance of backups.
WannaCry provides a real-world example for you to share with them. If anything good can come from the attack, WannaCry may help replace out-of-date computers running unpatched software.
Conclusion: WannaCry is Just the Beginning
As much damage as WannaCry caused, the reality is that it could have been much worse. A quick-thinking engineer took action that slowed the worm and may have stopped it from spreading to tens or hundreds of thousands of computers. We are already starting to see copycat versions of WannaCry show up around the world.
And yet we rely on Microsoft to keep our computers and networks safe. Even the best operating systems have bugs and exploits. Installing the latest patches helps and would have stopped WannaCry in its tracks.
Whenever possible, use a modern operating system on modern hardware to protect yourself from cyberattacks. Believing that you can separate older computers and keep them off the network is simply not a realistic expectation. There is no longer any justification for running Windows XP. That is no longer an acceptable policy because we are too interconnected.
Keep your computers patched. Have a backup plan in place. Educate your users whenever possible. And expect more attacks. This is the world we live in today.