WannaCry – Lessons

In May 2017 over 230,000 computers all over the world were hit by the WannaCry ransomware. One of the most newsworthy organisations hit was the NHS. Numerous hospitals and hundreds of doctors' surgeries were hit, their systems paralysed and thousands of pounds in bitcoin demanded for restitution. Originally it was thought that malicious emails were the cause of WannaCry's installation on the hospital servers. However, it soon became clear that badly patched, and thus vulnerable, Windows machines were enabling the rapid spread of the virus.

WannaCry was spread on the back of EternalBlue, a leaked NSA hacking tool. This tool enabled WannaCry to literally worm its way into vulnerable Windows systems and then self-propagate at an alarming rate. Systems attacked by this ransomware were presented with a screen demanding various ransoms in exchange for decrypting the now frozen, unreachable and unresponsive files. So fast was the virus that just one open SMB port led to the rapid infection of an entire network.

Some companies panicked and paid the ransom, but so disorganised were the hackers behind the virus that the money lay unclaimed many months later and hacked companies did not get their data released. Other companies frantically called security companies. The UK government's emergency COBRA committee met because of a cyber attack, and all possible solutions were frantically chased.

Other large companies such as Deutsche Bahn, Renault and FedEx were hit, as was the Russian Government. It seemed that WannaCry was neither choosy about whom it attacked nor particularly successful in reaping the benefits of its illegal activities.

Thankfully cyber security experts and researchers around the world soon found how WannaCry was installed as well as details of the hackers behind the largest malware attack in the world.

It was Darien Huss and Marcus Hutchins, both based in the UK, who are credited with finding how to stop the spread of the virus and rendering it useless by the simple act of registering the domain mentioned in the virus code.

One simple result of this high-profile ransomware attack was that companies, including government organisations that had previously thought themselves out of the malevolent thoughts of hackers, began to take cyber security efforts far more seriously. If a simple missing patch on a Windows machine can cause such chaos, what about the complexities of protecting a far larger network? Microsoft had released a patch to close the loophole months before, but many companies and organisations had not installed it. Microsoft released a further patch two months later, but how many organisations have installed this patch now?

WannaCry brings up two problems: up-to-date patching, and the problems of laptops, tablets, phones and data sticks being attached to an organisation's network.

So how should your organisation protect not only its valuable data but also the reputation and brand image that have taken so much marketing to establish?

First of all, train all your staff on the dangers of phishing emails and emails with strange attachments. Some emails come in with attached invoices that need to be paid, so your financial department needs extra training.

Put strong procedures in place on what should and should not be attached or plugged into your network: no tablets, mobiles or data sticks. The procedures should also cover what types of websites should be visited as well as the use of social media. Maybe a training course or presentation would be appropriate.

This should stop ransomware and viruses coming in from website visits and malicious emails. Now you need to protect your network. Endpoint protection and monitoring will ensure that you know what is being plugged into the network.

Patching and updating of your software, connectivity and hardware is vital, of course. Do not forget the connectivity to your Cloud provider. Consider monitoring your network on a continual basis; good software will notify you of any weaknesses that your network has.

Your network structure in itself may also have weaknesses and areas where viruses and ransomware will spread rapidly.

You also need to protect your data, both access and storage. Segment your data to ensure that only those who need the data have access to it. Have more than one type of backup and, of course, if you use cloud storage, this needs to be monitored. Back up regularly and use the grandfather-father-son process, where different timed versions are stored in different places, so that restoring your data is much easier and you can find an uncorrupted version of your data.
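The grandfather-father-son process described above can be expressed as a retention rule. The sketch below is an added example, not code from Gaia Technologies: the tier counts (7 daily, 4 weekly, 12 monthly), the storage locations and the sample dates are all assumptions constructed for illustration.

```python
from datetime import date, timedelta

# Hypothetical storage targets per tier: the longer-lived the copy, the
# further it sits from the production network.
LOCATION = {"son": "on-site NAS", "father": "off-site replica",
            "grandfather": "offline / immutable store"}

def gfs_plan(backups, sons=7, fathers=4, grandfathers=12):
    """Return (keep, prune); keep maps each retained date to its highest tier."""
    ordered = sorted(set(backups), reverse=True)       # newest first
    keep = {d: "son" for d in ordered[:sons]}          # most recent dailies

    def promote(period_of, limit, tier):
        seen = []
        for d in ordered:
            period = period_of(d)
            if period in seen:
                continue                               # period already has its copy
            if len(seen) == limit:
                break                                  # older periods age out
            seen.append(period)
            keep[d] = tier                             # newest backup in the period

    promote(lambda d: tuple(d.isocalendar())[:2], fathers, "father")   # ISO week
    promote(lambda d: (d.year, d.month), grandfathers, "grandfather")  # month
    return keep, [d for d in ordered if d not in keep]

def restore_point(keep, compromised_on):
    """Newest retained backup taken strictly before the compromise date."""
    clean = [d for d in keep if d < compromised_on]
    return max(clean) if clean else None

def sample_backups(last=date(2017, 5, 31), days=120):
    """Constructed input: one backup per day for `days` days ending on `last`."""
    return [last - timedelta(days=n) for n in range(days)]

if __name__ == "__main__":
    keep, prune = gfs_plan(sample_backups())
    for d in sorted(keep, reverse=True):
        print(d, keep[d], "->", LOCATION[keep[d]])
    print(len(prune), "backups pruned")
    print("restore from:", restore_point(keep, date(2017, 5, 12)))
```

With these counts, a compromise that goes unnoticed for more than four weeks leaves only the monthly copies as clean restore points, which is why the oldest tier belongs somewhere the production network cannot reach.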

Lastly and most importantly, take cyber security seriously. Even if you are a small company, your data is valuable and someone out there is looking for a weakness in order to steal that data and make money from their cyber crime.

If you need advice on what cyber security software to utilise and help with your cyber security procedures then contact Gaia Technologies plc. for Quality, Security and Peace of Mind From One Provider.
