Clients subscribed to our managed services have options for layers of protection against threats like WannaCry, which has hit Europe and much of the world like wildfire.
Early yesterday, news broke of a widening net of maleficence across Europe and Asia affecting thousands in about one hundred countries. The majority of attacks have been in Russia, Ukraine and Taiwan, but in the U.K. hospitals had to turn away patients because computer systems were completely inaccessible. News outlets urged people to reserve medical visits for only the most extreme emergencies! In China, the internet security company Qihoo360 issued a “red alert” saying “Global internet security has reached a moment of emergency.” Colleges and students in the country were confirmed affected, and gas stations were offline, forcing customers to pay cash. Spain’s telecom Telefónica was identified as being compromised. FedEx in the US indicated it too had been hit and was working to contain the damage.
"Affected machines have six hours to pay up and every few hours the ransom goes up," said Kurt Baumgartner, the principal security researcher at security firm Kaspersky Lab.
Ransomware encrypts (locks) files, preventing access, and displays messages demanding a ransom to be paid in bitcoin. If the ransom is not paid, complete destruction of the files will result. Paying the ransom is not recommended by the FBI: paying criminals does not typically result in the promise being delivered; they are criminals. Additionally, even if your files were to be unlocked, the fact that this malware has been on your systems means there is absolutely no guarantee that some other resident evil has not been left behind, because most threats today are “blended,” meaning they are composed of multiple tools.
This ransomware is leveraging an exploit named EternalBlue (addressed by Microsoft security bulletin MS17-010) that was leaked by the ShadowBrokers last month and affects versions of the Windows operating system before Windows 10. Although Microsoft released a patch on March 14, the patch only prevents the attack from spreading through internal networks, and many organizations have not applied it.
Kevin Beaumont, a U.K.-based security architect, examined a sample of the ransomware used to target the NHS and confirmed it was the same one used to target Telefónica. He said it is likely the ransomware will spread to US firms too. The ransomware automatically scans for computers it can infect whenever it loads itself onto a new machine. "It has a 'hunter' module, which seeks out PCs on internal networks," Beaumont said. "So, for example, if your laptop is infected and you went to a coffee shop, it would spread to PCs at the coffee shop. From there, to other companies." This kind of thoughtfulness just warms the heart!
The ‘hunter’ module is a worm function. One of the trends with malware, and ransomware in particular, is that it morphs over time, acquiring new behaviors to avoid detection and to infect by alternate means. Protection against such threats is by all means an arms race, and so, as long as there is computing, no computer or its data is ever 100% safe. Old recommendations still hold true:
Update your systems and software: software which no longer receives patches for detected vulnerabilities puts your system at risk.
Do not click suspicious links, and be wary of emails from unknown senders and of unexpected attachments. (If your company still publishes job postings requesting application by email submission, STOP! There are safer ways to hear from prospective hires.)
Back up your data often, to removable media, and store it off site. A backup drive constantly attached to a system will be just as quickly locked by ransomware. Are you relying on a file sync service as your “off-site” copy? It too will be compromised by ransomware because your computer always has access to it.
If you use public Wi-Fi, be sure your system is secured with patches, automated malware protection, software firewalls, trusted VPNs and smart use.
Events like this show us just how vulnerable our businesses and lives are when they are so dependent on technology. None of us is immune, really. However, the steps above are simple enough to teach anyone, from children to grandparents. Car and home owners have gotten used to the idea that automobiles and buildings need regular maintenance and care to keep them useful. Technology and its sundry pieces are no different. If you need assistance in making sure your network is secure, contact us. Losing sleep with worry solves nothing, and ignoring the problem does not make it less real. Taking effective action will make you feel much better!