WannaCry? | What the most recent malware outbreak taught us.

The WannaCry ransomware attack was a worldwide cyberattack targeting computers running Microsoft operating systems. The malware would encrypt data on the infected system as well as all other data on the network that the user had access to, which is pretty standard cryptoware. What made this attack different is that once a system was infected, a transport mechanism allowed the malware to spread to other unprotected systems on the network. The kicker is that Microsoft actually released a critical patch on March 14, 2017 to address the underlying vulnerability, but many users hadn't yet applied the patch a full two months later!

What Did We Learn?

The first step that we should be taking at the organizational level is as easy as regularly scheduled preventive maintenance.

  1. Keep up to date on your patching! The infection spread between systems that had not applied two-month-old critical patches. If you work with an MSP to manage your patching, it is important that you leave all systems on and online during your maintenance windows. You should be managing your patching and updating at the organizational level, NOT at the desktop level. End users are notorious for cancelling updates so they are not inconvenienced while the updates run.
  2. Use centrally managed antivirus to ensure all your users have the most up-to-date virus definition files and that the systems are receiving regularly scheduled scans.
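
One way to check patch recency at the organizational level, as an added example that is not part of the original post: a PowerShell script that reports each machine's most recent installed update and flags anything older than a threshold. The computer list and the 60-day threshold are assumptions; substitute your own inventory and policy.

```powershell
# Added example: flag machines whose newest recorded update is older than a threshold.
# $Computers and $MaxAgeDays are assumptions; replace with your own inventory and policy.
param(
    [string[]]$Computers = @($env:COMPUTERNAME),
    [int]$MaxAgeDays = 60   # roughly the two-month gap described above
)

$cutoff = (Get-Date).AddDays(-$MaxAgeDays)

$report = foreach ($computer in $Computers) {
    try {
        # Get-HotFix reads Win32_QuickFixEngineering; InstalledOn can be empty,
        # so entries without a date are skipped before sorting.
        $latest = Get-HotFix -ComputerName $computer -ErrorAction Stop |
            Where-Object { $_.InstalledOn } |
            Sort-Object InstalledOn -Descending |
            Select-Object -First 1

        if (-not $latest) {
            $status = 'NO-UPDATE-DATA'
        } elseif ($latest.InstalledOn -lt $cutoff) {
            $status = 'STALE'
        } else {
            $status = 'OK'
        }

        [pscustomobject]@{
            Computer    = $computer
            LastHotFix  = $latest.HotFixID
            InstalledOn = $latest.InstalledOn
            Status      = $status
        }
    } catch {
        # Powered-off or unreachable machines are the ones that miss maintenance windows.
        [pscustomobject]@{
            Computer    = $computer
            LastHotFix  = $null
            InstalledOn = $null
            Status      = 'UNREACHABLE'
        }
    }
}

$report | Sort-Object Status, Computer | Format-Table -AutoSize
```

Machines reported as STALE or UNREACHABLE are the ones to follow up on before the next maintenance window.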

The next step is to talk about security and take it seriously.

  1. Review your data access security policies and limit user privileges. The more you limit access to various folders and data (and you should), the more you limit the threat of encryption.
  2. Disable the running of macro scripts in Office files.
  3. Create rules that block programs from executing from AppData/LocalAppData folders.

Finally, train your employees. Clearly communicate your security policy and explain the social engineering techniques that lure many end users into self-infection. Email attachments are the number one risk for infection, drive-by downloads are number two, and malicious links in email are number three. End users play the primary role in getting infected with ransomware.

 

You can find more information on IT security in our ebook and on our blog. If you have any additional questions, please get in touch and we'd be happy to answer.