DVANA
Menu

Situation

It seems that the fallout from the WannaCrypt ransomware worm, also called WanaCrypt or Wcry, just to make things more confusing, is beginning to take shape. As of the time of writing, there were at least 74 countries affected and over 230,000 (per MalwareTech) machines of all types infected. Infected, of course, means they have been encrypted, locked and there is/was a countdown running to erase the contents of the computer.

It seems that no sector has been spared, the NHS, FedEx, parking machines, Deutsche Bahn (German Railways) to name a few have been infected. It doesn’t seem to matter what the computer was used for, such as home PC, workstation in a business, a server or an embedded device, anything not patched was vulnerable. Teams have been working all weekend to try and eliminate the attack and restore systems. It remains to be seen how well they will do.

It seems that the bit that matters, is how up to date the security patches were on the computer. Those with the most recent patches, from March 2017 onwards, were not affected. Microsoft made a statement to this effect last Friday.

Piecing together what is publicly known, it seems that the release of the NSA’s hacking tools earlier in the year, coupled with an existing ransomware toolkit were merged into this new threat. The infection, spreads like a worm, so getting into a single network enables all vulnerable machines within that network to be targeted. The instigators of this outbreak, were initially charging about $300 in Bitcoin, but as notoriety has spread, it seems to have been increased to $600.

The use of a well-known (to the NSA) exploit in Windows, which was not notified to Microsoft has let to everyone being vulnerable to this and other attacks. The responsible course of action is for anyone (including spy agencies) is to report to the software developer flaws or vulnerabilities. It is reprehensible to keep them a secret for their own exploitation and then to hope that nobody else finds the flaw. This is the current situation, the flaw was not patched, for years and now people, businesses and public services are suffering the consequences. As more of these tools are released in the future, the more of this will be seen. At some point, the attackers will be interested in more than a little extortion.

Definitive Action

The real question, is what can be done going forward, by the individual, the business and governments. We’ll consider them together, as mostly it is the same thing:

  1. Keep systems fully up to date with patches. This includes the OS, all application software and support software for peripherals. If it runs on the computer (PC, phone, tablet, server or Internet of Things device) then it must be managed and kept current. Yes, this requires work, takes time and therefore costs money. But, how much will it cost those who are currently down and unable to conduct business? What about the stress, and other human factors? Each of these things needs to be considered. Nothing comes for free, it is only a matter of how one will pay. Little by little over years, or all in one big bang, with the potential of going out of business.
  2. Switching off and removing all unnecessary services, removing all unnecessary programs, apps and other things that run on a PC. Do you need 3 web browsers? If yes, keep them, if not remove the unused ones. This applies to games, Store Apps, old programs you never use. This also helps reduce the time needed for maintenance. Something not installed does not need to be patched.
  3. Depending upon the environment, there might be other requirements, such as PCI DSS. If this is needed, then follow those rules. But consider this, systems like PCI are a minimum, so when a password MUST be 7 characters, 15 is also acceptable and might be better. Consider instituting a better system then the one currently in place. Use strong passwords, make them 14+ characters, make sure they contain symbols, number and changes in case. Do not ever use anything that can be gained from social media, such a pet names, date of birth or the names of family members. If it is online, someone can find it. Once fount, it dramatically reduces its effectiveness.

Summary

In summary, the current attack is ongoing and will be for some time, this will lead to other more effective attacks. The goal is to make money for the attackers. Some estimates put the payoff from this ransomware attack at around one billion dollars ($1,000,000,000). This all but guarantees that there will be copycat attacks. Keep your systems patched, spend a little time and money to keep them secure and do not ever click on an attachment that you are not expecting. If the prompt comes up asking of you want to run this program, make sure you say no. Be safe, be secure.


Help

DVANA have a clear leadership in security. Contact us today to see how we can secure your business and infrastructure from outside attack and what can be done when the inevitable happens.

There are a range of security related products in the Security Center, for your immediate download and use.


Please feel free to share this around your social networks.

To see how this can be applied to your business. Contact us.

We are experts in the business of improving businesses, by doing just what you need. Contact DVANA today to see how this expertise can help you.