Three Simple Steps to Combat Ransomware
Author(s): Tom Patterson, Posted on May 17th, 2017
Ransomware is nothing new – a favorite tool of criminals leveraging well-known exploits to extort money, first from individuals and now enterprises. The approach encrypts your data and threatens to destroy it unless you pay the perpetrators a certain amount of money. The May 12 so-called “WannaCrypt” ransomware attack (MS17-010) – commonly known as “WannaCry” – is a step up in sophistication, in part based on an advanced exploit that spreads laterally through networks. In the first 72 hours since launch, it has infected more than 230,000 computers in 150 countries. And though a kill switch was found for this particular strain, it is fair to say that more attacks are on the way.
This attack has highlighted the risk of unpatched operating systems and of those in use beyond their end-of-support dates, which no longer receive critical support, automatic fixes, patches or updates from the vendor. Hackers naturally target these vulnerable systems. It also pointed out the existing weakness of standard perimeter-based defenses, as it used undefended Server Message Block (SMB) traffic on port 445 to spread laterally once inside an enterprise.
While there is no fail-safe way to stop ransomware, there are a few straightforward steps you can take to mitigate its damage. They include:
- Backing up your data. Continually back up your most critical files. Many organizations routinely back up their critical data, but individuals should do so as well.
- Installing security patches. A security patch to stop the most recent ransomware attack has been available since March, but many companies are on a 60-90 day patch window, and thus were vulnerable. My company has been out in the field ensuring it is being deployed for our clients. While no one likes constant reminders to update their software, this most recent malware attack serves as a stark warning of what can happen when you don’t.
- Segmenting systems and networks. Micro-segmentation stops the “east-west” spread of malware throughout the “inside” of your enterprise, thus dramatically minimizing the impact should malware get in. By compartmentalizing critical systems (separating unpatched resources as well as critical information), the organization significantly reduces the impact of a security breach. Unisys’ Stealth technology is proven to stop this lateral spread of malware.
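One way to audit the east-west SMB exposure that the segmentation step is meant to close, as an added example that is not part of the original post and not any vendor's code: it reads flow records, lists allowed port 445 flows that cross a segment boundary, and flags hosts contacting many internal peers over SMB. The segment map, the record format and the sample flows are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

SMB_PORT = 445  # the port the post names as the lateral-spread path

# Hypothetical segment map (assumption): CIDR -> segment name.
SEGMENTS = {
    "10.1.1.0/24": "workstations",
    "10.1.2.0/24": "finance",
    "10.1.3.0/24": "legacy",
}

# Constructed flow records, "src dst dst_port action". Not real telemetry.
SAMPLE_FLOWS = """\
10.1.1.15 10.1.1.20 445 ALLOW
10.1.1.15 10.1.2.8 445 ALLOW
10.1.1.15 10.1.2.9 445 DENY
10.1.1.15 10.1.3.4 445 ALLOW
10.1.1.30 10.1.2.8 443 ALLOW
10.1.2.8 10.1.2.9 445 ALLOW
10.1.1.30 203.0.113.7 445 DENY
"""

def segment_of(ip):
    """Return the segment name for an address, or None if it is external."""
    addr = ipaddress.ip_address(ip)
    for cidr, name in SEGMENTS.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return None

def smb_exposure(flow_text, fanout_threshold=3):
    """Return (allowed cross-segment SMB flows, {src: distinct SMB peers})."""
    cross_segment = []
    peers = defaultdict(set)
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[2] != str(SMB_PORT):
            continue  # malformed record or not SMB
        src, dst, _, action = fields
        src_seg, dst_seg = segment_of(src), segment_of(dst)
        if src_seg is None or dst_seg is None:
            continue  # only internal-to-internal (east-west) traffic
        peers[src].add(dst)  # denied attempts still count toward fan-out
        if action == "ALLOW" and src_seg != dst_seg:
            cross_segment.append((src, dst, src_seg, dst_seg))
    fanout = {s: len(d) for s, d in peers.items() if len(d) >= fanout_threshold}
    return cross_segment, fanout

if __name__ == "__main__":
    print(smb_exposure(SAMPLE_FLOWS))
```

Each allowed cross-segment flow in the first result is a path a segmentation policy would be expected to block or explicitly justify; the second result highlights hosts whose SMB peer count merits a closer look.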
The digital world continues to evolve into the world’s predominant nation-state, business and criminal battleground. Before this is over, WannaCrypt will impact healthcare, transportation, energy, and thousands of commercial enterprises. However, with these few proactive steps, we can limit the damage from these breaches and make future ones less damaging. Failure to prepare can result in the loss of brand value, customer base and investor confidence, as well as financial penalties.