Ransomware: Threats, Impact & Expert Recommendations on How to Defend Against It
This is a guest post from RJ Gazarek, Security Expert and Product Manager at Thycotic.
The massive ransomware infection that has spread across computers in over 150 countries since Friday, May 12, and crippled hospitals and businesses worldwide, demonstrated how devastating a cyber attack can be on a global level.
The timing of this ransomware attack is no coincidence. The attacks started on Friday as many European organizations were wrapping up their day, only to find out that they suddenly had an entire weekend (or more) of work dropped into their laps. The scariest part of this is that hospitals in England have had to suspend non-urgent care.
This ransomware looks to be a version of the WannaCry ransomware, which first encrypts all of the data on the infected machine and then attempts to spread quickly to other machines on the internal network using a vulnerability in Windows systems. This highlights the importance of ensuring that endpoints are up to date with the latest software security patches.
If the initial reports are true, this vulnerability may be related to Microsoft Security Bulletin MS17-010 (a critical bulletin). This update was published on March 14, and Microsoft’s overview of the bulletin reads: “This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.”
Once that bulletin was released, it’s safe to assume that people began attempting to create a version of WannaCry that would leverage that vulnerability in unpatched systems to execute code remotely and begin encrypting computer systems. Given the number of systems affected, this seems like a pretty well-coordinated and massively distributed attack.
In any event, regardless of how or when, it’s important that organizations around the world take steps to secure their infrastructures:
- Always have your systems updated with the latest patches.
- Deploy an application control solution that can detect and prevent unknown applications, processes, and scripts from executing on the endpoint.
- Back up everything so that you can revert to it in the event of lost data.
- Institute a disaster recovery plan — and TEST this plan by running a recovery drill — that can get your organization back online as fast as possible in the event of not only natural disasters, but also man-made disasters, such as ransomware.
- Protect privileged accounts and administrative passwords so that attackers cannot bypass your security controls.
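As an added example (not part of this post or any Thycotic product), the PowerShell audit below checks a single Windows host for the two conditions the post ties to this outbreak: an enabled SMBv1 server and a missing MS17-010 update. The MS17-010 KB numbers differ per Windows version and are not listed on this page, so the script takes them as a parameter and ships with a placeholder; it assumes Windows 8 / Server 2012 or later, where Get-SmbServerConfiguration and the SMB1Protocol optional feature exist.

```powershell
# Added example: audit a host for SMBv1 exposure and MS17-010 patch state.
# $Ms17010Kbs is a placeholder; supply the KB ids that apply to this OS build.
function Test-Ms17010Exposure {
    param(
        [string[]] $Ms17010Kbs = @('KB-PLACEHOLDER-FOR-THIS-OS')
    )

    $findings = @()

    # 1. SMBv1 server protocol switched on? MS17-010 concerns the SMBv1 server.
    $smb = Get-SmbServerConfiguration
    if ($smb.EnableSMB1Protocol) {
        $findings += [pscustomobject]@{
            Check  = 'SMBv1 server protocol'
            Status = 'Enabled'
            Fix    = 'Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force (unless a legacy dependency still needs it)'
        }
    }

    # 2. SMB1 optional feature still installed? Removing it is stronger than disabling.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($feature -and $feature.State -eq 'Enabled') {
        $findings += [pscustomobject]@{
            Check  = 'SMB1Protocol Windows feature'
            Status = 'Installed'
            Fix    = 'Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol'
        }
    }

    # 3. Is any of the supplied MS17-010 updates present in the installed hotfix list?
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $present   = $Ms17010Kbs | Where-Object { $installed -contains $_ }
    if (-not $present) {
        $findings += [pscustomobject]@{
            Check  = 'MS17-010 update'
            Status = "None of $($Ms17010Kbs -join ', ') installed"
            Fix    = 'Install the MS17-010 update for this OS build before exposing port 445 to any untrusted network'
        }
    }

    # An empty result means none of the checked conditions applies to this host.
    return $findings
}

# Run the audit and print findings as a table; exit non-zero so a deployment
# script or scheduled task can flag the host for follow-up.
$result = Test-Ms17010Exposure
$result | Format-Table -AutoSize
if ($result.Count -gt 0) { exit 1 }
```

Run it elevated, since Get-SmbServerConfiguration and Get-WindowsOptionalFeature -Online require administrator rights; on Windows Server, Get-WindowsFeature FS-SMB1 is the equivalent of check 2.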
I will be discussing ransomware and other threats to the financial sector’s cybersecurity on Thursday, May 18 with fellow panelists, including Nathan Wenzler, Chief Security Strategist at AsTech Consulting and Ted Eull, VP Privacy and Risk at NowSecure.
Sign up for the panel session in this week’s Securing FinTech Summit here.