Ransomware is nothing new – a favorite tool of criminals leveraging well-known exploits to extort money, first from individuals and now from enterprises. It encrypts your data and threatens to destroy it unless you pay the perpetrators a certain amount of money. The May 12 so-called “WannaCrypt” ransomware attack (MS17-010) – commonly known as “WannaCry” – is a step up in sophistication, in part because it is based on an advanced exploit that spreads laterally through networks. In the first 72 hours since launch, it infected more than 230,000 computers in 150 countries. And though a kill switch was found for this particular strain, it is fair to say that more attacks are on the way.
This attack has highlighted the risk of unpatched operating systems and of those in use beyond their end-of-support dates, which no longer receive critical support, automatic fixes, patches or updates from the vendor. Hackers naturally target these vulnerable systems. It also pointed out the existing weakness of standard perimeter-based defenses, as it used undefended Server Message Block (SMB) and port 445 to spread laterally once inside an enterprise.
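Lateral spread over SMB on port 445, as described above, shows up in internal flow logs as one host opening TCP/445 connections to many internal peers in a short time. The following is an added example, not part of the original article, that flags that pattern; the flow-record layout, the internal address range and the thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumption: the enterprise's internal range
SMB_PORT = 445
WINDOW_S = 60    # assumption: sliding window length in seconds
MAX_PEERS = 5    # assumption: distinct internal SMB peers tolerated per window

# Constructed sample flow records: (epoch_seconds, src_ip, dst_ip, dst_port)
SAMPLE_FLOWS = (
    # one host sweeping a subnet on TCP/445
    [(1000 + i, "10.1.1.50", f"10.1.2.{i + 1}", 445) for i in range(12)]
    + [(1000, "10.1.1.20", "10.1.9.5", 445),      # workstation to its file server
       (1030, "10.1.1.20", "10.1.9.5", 445),
       (1005, "10.1.1.21", "10.1.9.5", 445),
       (1010, "10.1.1.50", "203.0.113.10", 443)]  # unrelated outbound web traffic
)

def smb_fanout(flows, window=WINDOW_S, max_peers=MAX_PEERS):
    """Return {src_ip: peak distinct internal TCP/445 peers seen in any window}
    for every internal source whose peak exceeds max_peers."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport != SMB_PORT:
            continue
        # Only internal-to-internal SMB counts as lateral movement here.
        if ip_address(src) in INTERNAL and ip_address(dst) in INTERNAL:
            by_src[src].append((ts, dst))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        peak, start = 0, 0
        for end in range(len(events)):
            # Shrink the window until it spans less than `window` seconds.
            while events[end][0] - events[start][0] >= window:
                start += 1
            peers = {dst for _, dst in events[start:end + 1]}
            peak = max(peak, len(peers))
        if peak > max_peers:
            alerts[src] = peak
    return alerts

if __name__ == "__main__":
    for src, peak in smb_fanout(SAMPLE_FLOWS).items():
        print(f"{src}: {peak} distinct internal SMB peers within {WINDOW_S}s")
```

File servers and domain controllers receive many SMB connections but rarely initiate them to many peers, so the check keys on the source side; tune the thresholds against a baseline of normal traffic.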
While there is no fail-safe way to stop ransomware, there are a few straightforward steps you can take to mitigate its damage. They include:
The digital world continues to evolve into the world’s predominant nation-state, business and criminal battleground. Before this is over, WannaCrypt will impact healthcare, transportation, energy, and thousands of commercial enterprises. However, with these few proactive steps, we can limit the damage from these breaches and make future ones less damaging. Failure to prepare can result in the loss of brand value, customer base and investor confidence, as well as financial penalties.