Throughout the day on Friday, May 12th, many computer systems around the world started reporting a new ransomware attack. Dubbed “WannaCry”, this malware outbreak infected more than 230,000 computers running Windows across 150 different countries in less than 24 hours.
Security experts quickly responded and discovered a “Kill Switch” embedded in the code, which was used to stop the malware’s spread. Although this kill switch allowed the initial ransomware attack to be halted, security experts are warning that copycat variants of the malware may be released in the near future.
One reason this attack spread more quickly than has been previously seen is that it exploited a vulnerability many organizations had not patched against. The vulnerability being exploited was resolved by Microsoft on March 14, 2017, but many organizations are unable to patch all systems in a timely enough manner to prevent the outbreak. Most IT experts are aware that patching should be a first line of defense, but this attack showed it cannot be the only defensive mechanism in place, and it may also uncover some gaps in an organization’s patching process.
Another reason the attack spread so rapidly is that organizations were running Windows XP, which is no longer supported by Microsoft. Because of this, Microsoft no longer releases patches to protect against these vulnerabilities. Microsoft has since released a patch for Windows XP systems, but remember that Windows XP is no longer supported and is not patched against new vulnerabilities.
While your organization may be protected from the original infection, keep in mind that variants will be released. Also, please remember some key best practices at work and home to make your technology environment more secure:
- If you have computers in the office or at home, please make sure the latest Windows and macOS updates have been installed and applied. It is also recommended that you enable updates to be applied automatically, as vulnerabilities will continue to be exploited as they are discovered by criminals.
- Please make sure to use antivirus software that continuously monitors your computer and is up to date with the latest definitions.
- When working with email, remember not to click on links or open attachments from people you don’t know or that you weren’t expecting. Criminals have shifted to user-targeted attacks because they have seen more success with these types of attacks, so use caution when performing daily tasks.
You’re Not Alone – PDS is here to help
From planning and executing operating system upgrades to ongoing support of these environments, PDS has the expertise to help mitigate risks associated with these attacks. PDS can also help deploy effective patching solutions within your organization. Patching is typically the most effective method for mitigating risk, but it is also the first line of defense and should not be the only line of defense. Let PDS help deliver additional security defenses such as firewall technologies or network segmentation. With technology connecting more and more each day, the impact of these attacks continues to become greater. And although it will be impossible to completely eliminate these attacks, solutions can be implemented to help minimize their impact.
Author: Nick Wojciechowski – Technical Solutions Architect