There is no shortage of articles by now on the specifics of WannaCrypt and how to protect yourself. In short, ransomware is a growing issue, and while WannaCrypt is currently on the front page, it’s certainly neither the first nor the last of its kind.
Put simply, once the ransomware is launched on a system, it encrypts any, and often all, data that it can access, making that data inaccessible. Decryption keys are available for a fee – hence, the ransom.
Microsoft have since published their customer guidance for WannaCrypt attacks, and we at New Signature also have advice in order to avoid this type of disaster in the future. All the advice given comes down to some fundamentals of running a well-managed IT environment.
Keep your systems patched.
- For this attack to spread in your environment, you would need to have missed patching your systems since March. WannaCrypt spreads through the exploit described in Microsoft Security Bulletin MS17-010. By the time an exploit shows up in automated attacks, it’s likely that hackers have been using it in much more covert ways for months. Patching may be one of those arduous tasks you hand over to a managed service provider, but it must be done and must be kept current in order to keep your business properly protected.
Modernize and stay current.
- The protection mechanisms built in to Windows 10 remove vulnerability to WannaCrypt, even if your environment is unpatched.
- If you disabled SMBv1 in your environment you were also protected. SMBv2 was released in 2006 and v3.1.1 is the version currently in use by Windows 10 and Server 2016.
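One way to check the SMBv1 point above on a single Windows machine, as an added example (not from the original article or from Microsoft's guidance). `Get-Smb1Status` is a hypothetical helper name; the script assumes an elevated PowerShell session on a Windows version that ships the built-in SMB cmdlets (Windows 8 / Server 2012 or later).

```powershell
# Added example: read-only SMBv1 audit for the local machine.
# Get-Smb1Status is a hypothetical helper name, not a built-in cmdlet.
function Get-Smb1Status {
    [CmdletBinding()]
    param()

    $status = [ordered]@{
        ComputerName      = $env:COMPUTERNAME
        ServerSmb1Enabled = $null  # SMB server still accepts SMBv1
        ServerSmb2Enabled = $null  # SMBv2 and v3 share this one server switch
        Smb1FeatureState  = $null  # Optional feature state: Enabled / Disabled
        ActiveSmb1Clients = @()    # Clients connected with an SMBv1 dialect
    }

    try {
        $cfg = Get-SmbServerConfiguration -ErrorAction Stop
        $status.ServerSmb1Enabled = $cfg.EnableSMB1Protocol
        $status.ServerSmb2Enabled = $cfg.EnableSMB2Protocol
    } catch {
        Write-Warning "SMB server configuration unavailable: $($_.Exception.Message)"
    }

    try {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
        $status.Smb1FeatureState = [string]$feature.State
    } catch {
        Write-Warning "SMB1Protocol feature state unavailable: $($_.Exception.Message)"
    }

    try {
        # A dialect of 1.x means the client negotiated SMBv1;
        # disabling SMBv1 on this server would cut those clients off.
        $status.ActiveSmb1Clients = @(Get-SmbSession -ErrorAction Stop |
            Where-Object { $_.Dialect -like '1.*' } |
            Select-Object -ExpandProperty ClientComputerName -Unique)
    } catch {
        Write-Warning "SMB session list unavailable: $($_.Exception.Message)"
    }

    [pscustomobject]$status
}

$report = Get-Smb1Status
$report | Format-List
if ($report.ServerSmb1Enabled -and $report.ActiveSmb1Clients.Count -eq 0) {
    # Remediation, left commented out so this script stays read-only:
    #   Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    #   Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
    Write-Output 'SMBv1 is enabled and no SMBv1 clients are connected right now.'
}
```

An empty `ActiveSmb1Clients` list only reflects the sessions open at that moment, so sample it over a representative period before switching SMBv1 off.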
Maintain adequate backups.
- At the end of the day, so long as users have access to files and can be tricked into executing ransomware within their own security context, the attacks will work. You would only have to pay a ransom to get your data back if you don’t have another copy of your data yourself. Today’s market has so many snapshot and backup options that there is no reason for this liability to ever be an issue. If the system is critical, you should be able to simply restore it to a point in time minutes before the attack, and move on as though the attack never happened.
Use advanced message hygiene technology.
- A perfect example of this is Microsoft’s Advanced Threat Protection, a technology that opens attachments in a “detonation chamber” before they are sent to recipients. Threat Protection rewrites URLs so they can be scanned for malicious links in real time, at the time the user clicks them. These technologies make a big difference to the spread of ransomware and go well beyond your typical anti-malware and anti-spam solutions. More information can be found here: https://products.office.com/en-ca/exchange/online-email-threat-protection
Implement User Training.
- Education is key. Do your users know how to spot a suspicious link? Would they know who in your organization to ask for advice? Do they understand the consequences of careless site visits, or opening attachments? User education needs to be an ongoing activity in every organization.
Follow the principle of least privilege.
- Ransomware can only rewrite data that the person running the ransomware has permission to rewrite. Does every user, in every role, really need access to as much data as they have? Streamlining and minimizing access will add protection and strengthen your odds of remaining secure.
Proper business technology security in the modern age can be complex and requires continual maintenance and strategy. New Signature’s Managed Services team is made up of our in-house experts who manage your business IT functions for you, so that you can focus on your own business goals, customers, and core competencies. Our guidance can help to ensure that your environment is up to date, secured and optimized.
Connect with a New Signature managed services professional today to learn how your unique business can benefit.