Managing Risk





26 July 2017







A lack of understanding of best practices for network security can lead to devastating results. The recent WannaCry ransomware attack had a global impact. This blog examines how cyber criminals executed this attack, the ongoing challenges it still presents for IT and lessons learned to avoid future attacks.


The root cause of most infections is an all-too-common story. Cyber criminals breached a company’s network via a phishing email that contained the WannaCry ransomware. The email attachment was opened on one unpatched and unprotected computer, which led to devastating consequences for the entire company. When questioned about the unpatched system, the company’s owner responded “I didn’t understand that patching was so important”.


When you consider how easily this company could have avoided the breach, it just makes you “WannaCry.” That particular global ransomware attack infected more than 250,000 systems in more than 150 countries, including several large healthcare institutions in the United Kingdom and a couple of notable telecommunications companies in Spain. All that was required to avoid WannaCry was to apply Microsoft software updates, or install threat management software at around $50 per PC per year.


WannaCry is just one example of threats that are a combination of ransomware and a worm that leverages an SMB file-sharing protocol exploit. It is speculated that initially, certain government agencies created an exploit kit (in this case, EternalBlue) which cyber criminals then allegedly stole.


In April 2017, Shadow Brokers leaked EternalBlue to the public as part of a bigger dump of NSA-developed exploits. Criminals then built elements of that exploit kit into a new, extremely aggressive form of ransomware that spreads with a worm-like attack against connected network machines, using various read/write functions of the Windows Operating System. This particular exploit affects various versions of Microsoft Windows operating systems, including a number of versions that are in end-of-life status. Although Microsoft released a large number of patches to address this vulnerability, the attack remains dangerous as many organisations have not applied the relevant patches.


The first version of the worm/ransomware package had a kill switch that was used to disable the worm feature, which slowed its advance. Later versions of the package do not have this weakness.


It is estimated that there are more than 114 new viruses and variants created and released every sixty seconds. WannaCry is not the first exploit to leverage this form of attack and it certainly will not be the last. It is critical that businesses of all sizes evaluate their exposure to viruses and consider employing risk management best practices to protect themselves against these attacks, including keeping Microsoft patching up to date, and deploying threat management technology that blocks both existing and new threats.


Risk Management is a core skill set for UBR Technology Services. We can help you evaluate and understand the risks, threats and vulnerabilities of your business to current and emerging viral threats. We can manage the deployment of Microsoft patches and security updates. And we can install and manage threat management software to protect your PCs and servers from current and future threats.