July 30

Over a Year since WannaCry - Millions Remain Vulnerable

Monday 31 Jul 2018

When WannaCry hit May 12 of 2017, the attack was massive, and data and economic loss extreme. Hundreds of thousands of computers were crippled, and with the hundreds of thousands full data set rendered unusable. The value of that data and the horror of making do without it is incalculable.

This never should have happened, as WannaCry (or WannaCrypt as it was also known) attacked a known vulnerability with an easily available patch. All you had to do was install it. Moreover, these unpatched machines were vectors for further attacks, as Microsoft explained at the time. “The worm functionality attempts to infect unpatched Windows machines in the local network. At the same time, it also executes massive scanning on Internet IP addresses to find and infect other vulnerable computers,” Microsoft said.

You would hope that after all the WannaCry carnage; the very patch that blocks it would be broadly installed. Sadly, millions have not installed this patch, or more recent fixes that could protect from other scourges. Even worse, knowing this vulnerability has not been completely repaired; hackers continue to exploit the very flaw with new attacks. After all, many hackers are lazy or not that skilled, so they base new attacks on old ones, often with just a few simple tweaks.

In fact, the patch itself is a hacker shortcut as it details the vulnerability, and provides a roadmap and clear directions for hackers. These hackers knowing many will not shut the hole through a patch, and that these users are sitting ducks.

Five Things You Can Do

Ransomware is bad stuff, often your data is gone forever – even if you crank up your Bitcoin account and pay the ransom. Here is what you should do:

1. Keep a Backup

To add your personal company information to the support request functionality, go to "Support Info Details" and add your details. This will be visible when your users request your support.

Ransomware works by locking up precious data, and if it is worth enough, you will pay the ransom. Having an up to date backup that is easily accessible and restorable makes that ransom moot. A cloud backup solution is ideal, even if you already have a tier of backup already on-premises.

2. Restrict User Access and Permissions

The more privileges a system has, the more power the hacker gains by breaking in. Keep admin privileges to a minimum so those that spread ransomware cannot run roughshod. As an admin or MSP, resist the urge to disable User Account Control (UAC)

3. Use Two-Factor Authentication (2FA)

Often ransomware spreads through credential cracking. Having a second level of authentication can stop that in its tracks.

4. Use Up to Date Applications and Operating Systems and Keep Them Updated and Patched

Most successful exploits are against unpatched systems, including many ransomware variants. In addition, more recent operating systems and apps are better protected from incursions. Keep your systems up to date, and less vulnerable to attack.

5. Use antivirus/antimalware software

Ransomware often comes in the form of a virus or malware. With up to date antivirus/antimalware software, these attacks can be automatically detected and the malware quarantined and neutralized.

Proper antivirus and endpoint protection, such as that offered by Pulseway in a neat mobile package, can make the difference between being a ransomware victim or ransomware hero.