
What is WannaCrypt and how to avoid being a target right now

May 16, 2017

On Friday, May 12, a significant cyberattack hit more than 150 countries; conservative estimates put the number of affected computer systems at circa 200,000 devices.

Known in the media as WannaCry, the attack was not complex:

• A phishing attack entices users to click links that lead to websites and run malicious code; the code then sits latent until the execution date

• This includes a malware binary with virulent worm capabilities, allowing it to self-propagate

• The worm spreads via the EternalBlue vulnerability in Microsoft Windows (MS17-010)

• This in turn launches the WannaCry ransomware, which encrypts both local user files and server-based files accessible via network shares

Ransomware is malicious software which, when run on a vulnerable system, encrypts user data with the promise to decrypt it only if a ransom is paid, usually hundreds of dollars. Often, if the user does not pay the ransom within a specific timeframe, the ransom increases, and often the files are ultimately deleted.

The initial ransom for WannaCry was $300, increasing to $600 after three days, with deletion of all encrypted files after seven days; payment was accepted only in untraceable Bitcoin.

What is surprising is that this was not a targeted attack. The cybercriminal used basic techniques to execute one of the largest attacks in recent history. These sorts of attacks will only increase as malware code becomes more readily available to less skilled criminals.

Much of the damage was due to an unapplied Microsoft patch (MS17-010), which was released in March 2017, and to the continued use of end-of-life versions of Microsoft Windows such as Windows XP and Vista (which no longer receive security patches, though Microsoft did this week release these patches).

Many defence-in-depth security technologies could have limited the damage:

• External email gateways using advanced detection techniques

• Web gateways and proxies which block Tor communication and websites known to be malicious, both commonly used by cyberattacks

• Advanced endpoint detection and protection solutions that examine endpoint activity far beyond traditional anti-virus

Other areas for immediate improvement:

• Backups

- Make sure that you back up your important computer files offline; should you face an attack, you will then be able to restore your important information. This applies to both servers and workstations, particularly those of users who travel and work on files locally

• Software

- Ensure that you are using the latest Windows operating system

- Your anti-virus software needs to be updated

• Email

- Train users not to click on links or attachments which they receive from unknown sources, and to be very careful opening any email that looks unfamiliar even though it might appear to come from a reliable source

- Macro-based Word documents (DOCM) from outside the organization can be extremely dangerous; these should be blocked at the perimeter

- This also applies to .html, .js, .vbs, .wsh files from external sources, including inside compressed ZIP files

• Web Security

- Change your web policies to block sites based on reputation, category and, very importantly, application type; the latter is more difficult as traffic is often hidden within HTTPS/SSL-secured traffic streams

• End-user training

- Businesses need to acknowledge that their users are the weakest link in their security and strongly consider security awareness training
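To illustrate the email recommendation above (blocking DOCM, .html, .js, .vbs and .wsh attachments, including inside ZIP files), here is an added example that is not from the original article or any vendor product: a small attachment scanner built on Python's standard library. The function names, the nesting limit and the size cap are assumptions chosen for the illustration.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED = {".docm", ".html", ".js", ".vbs", ".wsh"}  # extensions named in the article
MAX_DEPTH = 3              # assumption: refuse archives nested deeper than this
MAX_MEMBER = 20 * 2**20    # assumption: per-member size cap, guards against zip bombs

def ext_of(name):
    # Use the last path component; Windows ignores trailing dots and spaces.
    leaf = re.split(r"[!/\\]", name)[-1].rstrip(". ").lower()
    return leaf[leaf.rfind("."):] if "." in leaf else ""

def scan_blob(name, data, depth=0):
    """Return reasons to block one file, looking inside ZIP archives."""
    if ext_of(name) in BLOCKED:
        return [f"{name}: blocked extension"]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    if depth >= MAX_DEPTH:
        return [f"{name}: archive nesting too deep"]
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = f"{name}!{info.filename}"
            if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                # Contents unreadable: flag it, but still judge the member name.
                hits.append(f"{path}: encrypted or oversized, not inspected")
                hits += scan_blob(path, b"", depth + 1)
            elif not info.is_dir():
                hits += scan_blob(path, zf.read(info), depth + 1)
    return hits

def scan_message(raw):
    """Scan every attachment of a raw email message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [hit for part in msg.iter_attachments()
            for hit in scan_blob(part.get_filename() or "unnamed",
                                 part.get_payload(decode=True) or b"")]

def sample_message():  # constructed input: a .js two ZIP levels deep, plus a .docm
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("invoice.js", "// constructed placeholder")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("docs/inner.zip", inner.getvalue())
        z.writestr("notes.txt", "hello")
    msg = EmailMessage()
    msg.set_content("see attached")
    msg.add_attachment(outer.getvalue(), maintype="application", subtype="zip", filename="scan.zip")
    msg.add_attachment(b"x", maintype="application", subtype="octet-stream", filename="Report.DOCM")
    return msg.as_bytes()
```

A non-empty result from `scan_message(sample_message())` is the signal to quarantine; password-protected archive members are reported rather than passed, since their contents cannot be checked.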

To help you address the risks surrounding both this and similar future attacks contact chris.walsh@viadex.com

 

 

 


