You must have heard about the recent ransomware attack, which has to date affected over 10,000 organizations and 200,000 individuals in over 150 countries!
This ransomware is generally being referred to as “WannaCry” and was first reported in May 2017.
NetEnrich is proactively staying in front of this threat as we work to ensure our internal and customer environments are protected.
About WannaCry ransomware
WannaCry ransomware targets and encrypts 176 file types. Some of the file types WannaCry targets are database, multimedia and archive files, as well as Office documents. In its ransom note, it initially demands US$300 worth of Bitcoins from its victims—an amount that increases incrementally after a certain time limit. The victim is also given a seven-day limit before the affected files are deleted—a commonly used fear-mongering tactic.
WannaCry leverages CVE-2017-0144, a vulnerability in Server Message Block (SMB), to infect systems. The flaw is exploited using “EternalBlue”, an exploit leaked by the Shadow Brokers group. Microsoft’s Security Response Center (MSRC) Team addressed the vulnerability via MS17-010, released in March 2017.
It propagates to other computers by exploiting a known SMB remote code execution vulnerability in Microsoft Windows computers (MS17-010).
Best practices for protecting against ransomware
- New ransomware variants appear on a regular basis. Always keep your security software up to date to protect yourself against them.
- Keep your operating system and other software updated. Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers.
- Email is one of the main infection methods. Be wary of unexpected emails, especially if they contain links and/or attachments. Do not open unknown links and attachments.
- Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
- Backing up important data is the single most effective way of combating ransomware infection. Attackers have leverage over their victims by encrypting valuable files and leaving them inaccessible. If the victim has backup copies, they can restore their files once the infection has been cleaned up. However, organizations should ensure that backups are appropriately protected or stored offline so that attackers can’t delete them.
- Using cloud services could help mitigate ransomware infection, since many retain previous versions of files, allowing you to “roll back” to the unencrypted form.
Regular backups of your data can save you a lot of money. It’s important to remember that unsecured backups can also be encrypted by ransomware, so it’s critical to ensure that backups are not connected to the computers and networks they are supporting.
Our cyber-security services enable you to have peace of mind while we manage and thwart threats and attacks on your digital perimeter and applications. We provide services to help manage and keep pace with frequently changing compliance requirements, emerging threats, and continuous business demands that create havoc with security posture. Contact us to find out about local or regional service providers in your area.