Don’t WannaCry? Ransomware Survival Tips
The WannaCry Ransomware (WannaCry) attack is an ongoing worldwide cyberattack that targets Microsoft Windows operating systems. First emerging on Friday, May 12, 2017, WannaCry has been described as unprecedented in scale, infecting more than 230,000 computers in over 150 countries.
WannaCry is a worm: it exploits unpatched vulnerabilities in the Microsoft Windows operating systems and rapidly spreads to other computers on the same network. It encrypts files on every computer it touches, leaving the data unusable and removing access to an organization’s vital data. The hackers demand ransom payments in exchange for restoring the data.
Multiple layers of protection are needed to defend networks against exploits like WannaCry and related attacks. Even small organizations should have these protections in place:
- Security Patches: Microsoft released Windows Updates in March that would protect systems from the security holes exploited by WannaCry. Networks that were slow to deploy these patches were vulnerable. Workstations and laptops should be updated on a weekly basis to ward off new threats. Servers should have a monthly planned patching schedule, at a minimum. Marcum clients are monitored and critical patches are deployed from our managed services console. Even in small organizations, IT should be able to monitor staff computers and ensure everyone is patched against security threats.
- Offsite Backups: If ransomware does manage to encrypt an organization’s files, an offsite backup can help executives rest easy. Ransomware is only a threat if an organization cannot get its data back. Windows file servers should have ample free space and use Volume Shadow Copies to snapshot files twice a day. Backups should be made nightly, at a minimum, and be carried offsite automatically. Some ransomware will wipe out shadow copies and seek out onsite backups to encrypt those as well. Offsite backups are more affordable than ever and will provide peace of mind in case of an attack.
- Access Control: When ransomware other than WannaCry executes, it will often run with the security permissions of the staff member who executed the file. Organizations often err on the side of giving all employees more access than they need. Shared files should be reviewed periodically. The number of folders allowing changes by all staff should be minimized whenever possible. Organizing security by departmental groups or job functions limits the damage many malware variants can do.
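
One way to carry out the periodic share review described under Access Control, as an added example that is not part of the original article: a PowerShell audit that lists file shares where an "all staff" principal can change files at both the share and NTFS layers. The principal list is an assumption to adjust per domain, and the check covers only the ACL on each share's root folder, without recursing into subfolders or resolving nested groups.

```powershell
# Added example, not from the original article. Run elevated on the file server.
# Assumption: these principals stand for "all staff"; adjust for your domain.
$Broad = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users',
           "$env:USERDOMAIN\Domain Users")

# NTFS bits that allow changing or deleting files, plus GENERIC_WRITE and
# GENERIC_ALL (0x50000000), which some ACEs carry instead of specific rights.
$WriteBits = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles'
$WriteMask = [int]$WriteBits -bor 0x50000000

$report = foreach ($share in Get-SmbShare -Special $false | Where-Object Path) {
    # Share-level permissions: Change or Full granted to a broad principal.
    $shareAces = Get-SmbShareAccess -Name $share.Name | Where-Object {
        "$($_.AccessControlType)" -eq 'Allow' -and
        "$($_.AccessRight)" -in 'Change', 'Full' -and
        $_.AccountName -in $Broad
    }

    # NTFS permissions on the share root: write-capable Allow entries
    # for a broad principal.
    $ntfsAces = (Get-Acl -Path $share.Path).Access | Where-Object {
        "$($_.AccessControlType)" -eq 'Allow' -and
        $_.IdentityReference.Value -in $Broad -and
        ([int]$_.FileSystemRights -band $WriteMask) -ne 0
    }

    # Effective access over the network is the intersection of both layers,
    # so a share is flagged only when both allow writes.
    if ($shareAces -and $ntfsAces) {
        [pscustomobject]@{
            Share      = $share.Name
            Path       = $share.Path
            ShareGrant = ($shareAces.AccountName | Sort-Object -Unique) -join '; '
            NtfsGrant  = ($ntfsAces.IdentityReference.Value | Sort-Object -Unique) -join '; '
        }
    }
}

# Each row is a folder that any staff account, and any ransomware running
# as that account, can modify.
$report | Sort-Object Share | Format-Table -AutoSize -Wrap
```

Shares that appear in the output are candidates for replacing the broad grant with a departmental or job-function group.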