Are you at risk from ransomware?

May 13, 2017 | Uncategorized


Clients subscribed to our managed services have options for layers of protection against threats like WannaCry, which has spread through Europe and much of the world like wildfire.

  • If you are currently subscribed to a full management package and following our recommendations to only use currently supported operating systems and software, then your systems have received the applicable Windows updates through automated and consistent patching, protecting them against the exploited vulnerability identified in bulletin MS17-010.
  • Additionally, your systems are protected with rapid malware detection and remediation provided by Webroot, which has been protecting against similar threats for some time.
  • If your mail server allows full implementation of our Total Control email protection, you are protected against messages with infectious content and are provided a sandbox to review those held as potential risks through your quarantine summary. If your mail server has not allowed us to prevent delivery of unscanned messages to your inbox, we have communicated this to you. Exercise extra caution managing email. Any message scanned by Total Control has a footer with links to your filter. If there is no footer, then the message was not scanned by Total Control and may contain malicious content.
  • All SonicWall customers with active subscriptions to Gateway Security Services have had their networks protected from WannaCry (also known as WanaCrypt0r, WannaCrypt, and WCry) ransomware since April 20, 2017. Those annual renewals are paying off!
  • If your company is following our recommendations for backup with Datto, ShareSync or CharTec, you have automated, encrypted, off-site copies of your most critical data necessary for recovery in the event one of your users unleashes the villain on your network.

Phew!

Early yesterday, news broke of a widening net of maleficence across Europe and Asia affecting thousands in about one hundred countries. The majority of attacks have been in Russia, Ukraine and Taiwan, but in the U.K. hospitals had to turn away patients because computer systems were completely inaccessible. News outlets urged people to reserve medical visits for only the most extreme emergencies! In China, the internet security company Qihoo360 issued a “red alert” saying “Global internet security has reached a moment of emergency.” Colleges and students in the country were confirmed affected, and gas stations were offline, forcing customers to pay cash. Spain’s telecom Telefónica was identified as compromised. FedEx in the US indicated it too had been hit and was working to contain the damage.

“Affected machines have six hours to pay up and every few hours the ransom goes up,” said Kurt Baumgartner, the principal security researcher at security firm Kaspersky Lab.

Ransomware encrypts (locks) files, preventing access, and displays messages demanding that a ransom be paid in bitcoin. If the ransom is not paid, complete destruction of the files will result. Paying the ransom is not recommended by the FBI: paying criminals does not typically result in the actual promise being delivered—they are criminals. Additionally, even if your files were to be unlocked, the fact that this malware has been on your systems means there is absolutely no guarantee that some other resident evil has not been left behind, because most threats today are “blended,” meaning they are comprised of multiple tools.

This ransomware leverages an exploit named EternalBlue, which targets the vulnerability addressed in bulletin MS17-010; the exploit was leaked by the ShadowBrokers last month and affects versions of the Windows operating system before Windows 10. Although Microsoft released a patch on March 14, it only prevents the attack from spreading through internal networks, and many organizations have not applied it.
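Since the whole defence described above and in the "update your systems" advice below comes down to two facts about each Windows host, here is a read-only check for them. This is an added example, not part of the original post or our managed-services tooling; it assumes PowerShell 3.0 or later, an elevated prompt, and that the KB numbers listed are the MS17-010 releases from Microsoft's bulletin.

```powershell
# Added example (not the MSP's tooling): report whether this Windows host still has
# the SMBv1 server enabled (the service WannaCry spreads through) and whether an
# MS17-010 update is installed. Read-only; it changes nothing on the host.
# Assumption: the KB numbers are the MS17-010 releases from Microsoft's bulletin.
# Later cumulative updates supersede them, so on Windows 10 "none found" can be a
# false alarm; compare the OS build against the bulletin in that case.
$Ms17010Kbs = @(
    'KB4012598'                            # XP / Vista / Server 2003 / Server 2008
    'KB4012212', 'KB4012215'               # Windows 7 / Server 2008 R2
    'KB4012213', 'KB4012216'               # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217'               # Server 2012
    'KB4012606', 'KB4013198', 'KB4013429'  # Windows 10 1507 / 1511 / 1607
)

function Get-Smb1State {
    # Windows 8 / Server 2012 and later expose the setting through the SMB module;
    # older systems only have the LanmanServer registry value (absent = enabled).
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue
    if ($null -eq $val) { return $true }
    return [bool]$val.SMB1
}

function Get-Ms17010Report {
    $hotfixes = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $found    = $Ms17010Kbs | Where-Object { $hotfixes -contains $_ }
    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        OSVersion      = (Get-CimInstance Win32_OperatingSystem).Version
        Smb1Enabled    = Get-Smb1State
        Ms17010Patches = if ($found) { $found -join ', ' } else { 'none found' }
    }
}

$report = Get-Ms17010Report
$report | Format-List
if ($report.Smb1Enabled) {
    Write-Warning 'SMBv1 is enabled; disable it unless a legacy device still needs it:'
    Write-Warning '  Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force'
}
if ($report.Ms17010Patches -eq 'none found') {
    Write-Warning 'No MS17-010 update found; run Windows Update and re-check.'
}
```

Run it on each workstation and server (or push it through your RMM) and keep the report; a host showing SMBv1 enabled and no MS17-010 update is exactly the kind of machine this worm looks for.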

Kevin Beaumont, a U.K.-based security architect, examined a sample of the ransomware used to target the NHS and confirmed it was the same used to target Telefónica. He said it is likely the ransomware will spread to US firms too. The ransomware automatically scans for computers it can infect whenever it loads itself onto a new machine. “It has a ‘hunter’ module, which seeks out PCs on internal networks,” Beaumont said. “So, for example, if your laptop is infected and you went to a coffee shop, it would spread to PCs at the coffee shop. From there, to other companies.” This kind of thoughtfulness just warms the heart!

The ‘hunter’ module is a worm function. One of the trends with malware, and ransomware in particular, is that it morphs over time, acquiring new behaviors to avoid detection and to infect by alternate means. Protection against such threats is very much an arms race, so as long as there is computing, no computer or its data is ever 100% safe. Old recommendations still hold true:

  • Update your systems and software: software which no longer receives patches for detected vulnerabilities puts your system at risk.
  • Do not click suspicious links, and be wary of emails from unknown senders and of unexpected attachments. (If your company still publishes job postings requesting application by email submission, STOP! There are safer ways to hear from prospective hires.)
  • Back up your data often, to removable media, and store it off site. A backup drive constantly attached to a system will be locked by ransomware just as quickly as the system itself. Are you relying on a file sync service as your “off-site” copy? It too will be compromised by ransomware, because your computer always has access to it.
  • If you use public wifi, be sure your system is secured with patches, automated malware protection, software firewalls, trusted VPNs and smart use.

Events like this show us just how vulnerable our businesses and lives are where they are so dependent on technology. None of us is immune really. However, the steps above are simple enough to teach anyone, from children to grandparents. Car and home owners have gotten used to the idea that automobiles and buildings need regular maintenance and care to keep them useful. Technology and its sundry pieces are no different. If you need assistance in making sure your network is secure, contact us. Losing sleep with worry solves nothing and ignoring the problem does not make it less real. Taking effective action will make you feel much better!
