Last Friday, yet another large-scale cyber attack made headlines. Known as "WeCry", "WannaCrypt", "WeCrypt0r", or "WannaCrypt0r", this latest attack was aimed primarily at enterprises, not the general public (like the Google Docs phishing attack a few weeks ago). How did the attack occur so quickly and what can be done to prevent it from reaching you?
Details on the Attack
"The ransomware used a vulnerability in a Windows Server component to spread within corporate networks. The weakness was first revealed to the world as part of a massive dump of software vulnerabilities discovered by the NSA and then stolen by a group of hackers calling themselves “Shadow Brokers”.
Microsoft fixed the flaw shortly before the stolen data was published, leading many to conclude it had been surreptitiously tipped-off by the security agency about the existence of the flaw.
But Microsoft’s policy is that some commonly used versions of Windows no longer receive security patches; those versions include Windows Server 2003 and Windows XP, both of which have not been sold for over a decade; and Windows 8, which some users prefer to the supported Windows 8.1 because of differences between the two versions of the operating system. Typically, the company only provides support to organisations which pay expensive fees for “custom support” for these out-of-date platforms.
Once WeCry began spreading, however, Microsoft took the “highly unusual” step of releasing free security updates for those out-of-support versions of Windows, which can be downloaded from its website." (The Guardian)
This particular piece of malware can also enter your system via an infected email. These phishing attacks are becoming more and more common and rely solely on the trusting clicks of individual users. Once the user opens the attachment, the hackers can gain access to the entire network.
How Can You Prevent It from Infecting Your System?
The vulnerability does not exist within Windows 10, the latest version of the software, but is present in all versions of Windows prior to that, dating back to Windows XP. If you or your organization is running one of these earlier versions of Windows, you could be at risk. An article on CNBC this morning gives some great information on protecting yourself.
What should I do to protect myself?
Individuals and small businesses should:
- Run Windows Update to get the latest software updates
- Make sure any anti-virus product is up-to-date and scan your computer for any malicious programs. It's also worth setting up regular auto-scans
- Back up important data on your computer in case it gets held for ransom
Large organizations should:
- Apply the latest Microsoft security patches for this particular flaw
- Back up key data
- Ensure all outgoing and incoming emails are scanned for malicious attachments
- Ensure anti-virus is up-to-date and conducting regular scans
- Educate employees on identifying scams, malicious links, and emails that may contain viruses
- Make sure to run "penetration tests" against your network's security, no less than once a year, according to the Department of Homeland Security
What if I've already been attacked?
- Do not pay the ransom. There is no evidence of the hackers giving people files back
- For individuals, it might be worth contacting local IT support services
- Businesses should contact law enforcement, as well as their IT support service, and provide as much information as possible
- Restore back-ups of data
We Can Help Protect You
If you are concerned you may be infected or you need to improve your security measures, contact us. You need to have a robust security infrastructure in place to protect your business' valuable data. We offer a full range of security measures from antivirus to backup and recovery, digital forensics, and even cyber liability insurance in the event a breach occurs. Contact us today if you're ready to take cybersecurity seriously.