The internet and media have been in a frenzy over the recent WannaCry ransomware, which encrypts files on infected computers and offers to provide the password in exchange for a ransom. Behind the scenes, this malware spreads through networks using exploits developed by the NSA’s Equation Group. News first broke on May 12, 2017, and by midday an estimated 57,000 computers had been infected. Within three days, over 200,000 systems worldwide had been infected with WannaCry ransomware. The most notable impacts were major disruptions at the United Kingdom’s National Health Service that caused appointments and operations to be cancelled, including vital heart and cancer surgeries. The attack even elicited a response from the White House, only one day after the current administration presented executive orders relating to increasing cyber security measures.
WannaCry leverages an exploit called EternalBlue, which came from NSA leaks that contained various exploits. While the news surrounding WannaCry is settling down, a new worm called EternalRocks is beginning to make headlines. EternalRocks has the potential to be more dangerous and spread faster because it can infect more systems than WannaCry. The new worm uses EternalBlue in combination with several other leaked exploits to infect computers.
If you are worried about whether you or your organization is vulnerable to these attacks, then cry no more; here are a few ways to prevent and contain infections:
- Patch Your Systems: Patches were released back in March 2017 by Microsoft for all of the supported and affected operating systems. Ensuring your systems are up to date and that you’ve applied the latest security patches is one of the most important prevention methods. If you are using the affected operating systems and they are not patched, be sure to update as soon as possible.
Patches have been released for Windows Vista, 7, 8.1, 10, Server 2008 R2, 2012, 2012 R2 and 2016.
- Upgrade Your EOL Systems: If your organization has any lingering end-of-life operating systems, you should upgrade as soon as possible to reduce any further risks. Fortunately, Microsoft did release patches in May for a few operating systems that they no longer support, which is a rare occurrence.
Patches have been released for EOL operating systems including: Windows XP, 8.1 and Server 2003.
- Security Awareness Training: It is critical that your organization develops and rolls out an effective security awareness strategy that includes tactics to avoid phishing attacks. Some organizations affected by WannaCry reported that phishing emails contained the malicious software, while others reported that there were no downloads that triggered the infections. Different versions of the attack software may or may not require user interaction, which is why both training and patching are required to mitigate the risk of infection.
- Update Your Antivirus: Keep antivirus software up to date and run regular scans. Many antivirus vendors are capable of detecting the latest malware and ransomware by pushing regular updates as well as actively monitoring for suspicious file downloads and email attachments. If you do happen to find an infected computer, disconnect it from the network as soon as possible to reduce the opportunity for the infection to spread across the network.
Protecting an organization’s infrastructure and data against the latest security threats is an ongoing and challenging process. Staying current with the latest updates and security news will significantly aid an organization’s ability to tackle security issues.