By Mike Herrington
Right on the heels of Pres. Donald Trump’s executive order aimed at improving the state of cyber security in the U.S., the entire world was hammered by one of the largest ransomware attacks in history. The new ransomware threat, dubbed “WannaCry,” has run rampant across the globe, infecting more than 200,000 computers in 150 countries. Here is some background on this threat, who is vulnerable and how to protect your business:
Ironically, WannaCry was identified by the NSA months ago and they kept the code on file to be used as a potential surveillance tool. The NSA was hacked by an organization known as Shadow Brokers that in April released a cache of stolen NSA documents on the Internet, including details about the WannaCry vulnerability.
The recent attack has seen the virus spread rapidly. The virus spreads across computer networks using Microsoft Windows Server Message Block (SMB), the standard file-sharing technology used by personal computers. This is the most typical path for infecting a network, but researchers have already identified variants of the virus that may have other methods of propagation.
The virus exploits a vulnerability in older Windows operating systems such as Windows XP and Windows Server 2003. If you’re using a more recent version of Windows and you’ve stayed up to date on your patches, you should NOT be vulnerable. However, if you haven’t stayed up to date on patches, you remain vulnerable until your systems are patched.
The advice is to update Windows immediately. If you’ve been keeping up to date, you likely received a patch to protect your system months ago. Take the time to check and make sure that you’ve applied all available security patches from Microsoft. Another recommendation is to block TCP port 445.
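One way to carry out the checks recommended above on a single Windows machine, as an added PowerShell example that is not part of the original article: it reports the newest installed hotfix, whether the host listens on TCP 445, and whether an inbound firewall rule already blocks that port. The `-Block` switch and the rule name are assumptions made for this example.

```powershell
# Added example: audit a Windows host for the two checks above, and optionally
# add an inbound block for TCP 445. Run from an elevated PowerShell session on
# Windows 8 / Server 2012 or later (NetTCPIP and NetSecurity modules).
param(
    [switch]$Block   # assumed switch name: pass -Block to create the rule
)

$ruleName = 'Block inbound SMB (TCP 445)'   # constructed display name

# 1. Patch recency: newest hotfix Windows reports as installed.
$latest = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1

# 2. Is this host accepting SMB connections on TCP 445?
$listening = @(Get-NetTCPConnection -State Listen -LocalPort 445 -ErrorAction SilentlyContinue)

# 3. Enabled inbound block rules that name TCP 445 explicitly.
#    (Rules that cover 445 only through a port range are not matched.)
$blocking = @(Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue |
    Where-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        $filter.Protocol -eq 'TCP' -and @($filter.LocalPort) -contains '445'
    })

[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    LatestHotFix    = $latest.HotFixID
    LatestInstalled = $latest.InstalledOn
    Listening445    = $listening.Count -gt 0
    BlockRules445   = $blocking.DisplayName -join '; '
}

# 4. Add the block only when asked and only if no such rule exists yet.
#    A host that must serve file shares stops serving them once this rule is
#    active, so do not apply it on file servers that clients still need to reach.
if ($Block -and $blocking.Count -eq 0) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
        -Protocol TCP -LocalPort 445 -Action Block -Profile Any | Out-Null
    Write-Output "Created firewall rule '$ruleName'."
}
```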
If infected, you will have your data encrypted so that it becomes completely inaccessible. You’ll then receive a prompt asking you to pay a ransom to gain access to your data again. If the ransom isn’t paid within 72 hours, the price can double and after a few days the files will become permanently locked.
The FBI and most security professionals recommend against paying the ransom. If your computer gets infected, the best course of action is to wipe the machine and reinstall Windows. Then, restore from a backup. If you don’t have a backup of your data, you’re going to be in a real bind.
The good news, if there is any with this situation, is that the virus only infects Windows machines. That means that your Apple and Android devices are not at risk from this threat.
This hopefully will serve as a wakeup call for many businesses that are still using antiquated technology. Windows XP has been end-of-life from Microsoft for over three years and yet it is still common to see it in production. End-of-life means that Microsoft has not released patches for XP for three years! The longer they have been end-of-life, the more vulnerable these machines become.
If there is any good that can come from an event such as this, it’s that business owners will finally take these threats seriously. They should make a plan of action to eliminate such technology from their networks. This kind of vulnerability highlights just how devastating the effects of such neglect can be. The problem can be destructive — but the solution is simple. Use current technology and do regular maintenance, applying patches and updates as they become available.
Mike Herrington is the manager of business development at i.t.NOW.