- Use Cases
- Why Dizzion
Coalfire wrote a great article detailing the WannaCry ransomware attack, how to protect your network from it and what proactive measures to take to prevent a future issue (because there will always be another attack). It is 100% worth a thorough read.
While all of their tips are worth following and should be general practice for any organization, a few need special attention because of the major risk they unnecessarily expose companies to.
The reason WannaCry is proving to be so devastating is simple: people routinely ignore security patches.
“Instead of hitting “ignore, ignore” when a pop-up on your screen asks, ‘Do you want to install a critical update and reboot?’ You should just do it. Two months ago, Microsoft released the patch that could have prevented the outbreak. But because so many companies didn’t apply it, the so-called WannaCry attack spread like cholera.” – NPR
WannaCry takes advantage of this wide spread practice as an entry point into an entire network. The attack exploits a known Microsoft vulnerability. Once it finds an entry point, it worms its way through the rest of the network looking for the same vulnerability and self-replicates onto connected unpatched systems (without any action from additional users). What makes this attack particularly frustrating is that it’s largely preventable – Microsoft released a patch for this vulnerability in mid-March (Windows Update MS17-010).
Being diligent about patching and updating your operating system and other applications as soon as security updates are released is critical for this exact reason. Losing 30 minutes to a computer update and reboot may be frustrating, but it is necessary. Because it’s so critical, IT teams may want to take the choice away from end users and push patches.
Coalfire recommends having strong disaster recovery and data backup practices in place. This allows organizations hit by a ransomware attack to “revert to a ransomware-free system” in cases where the attack does not also effect backups. (Remember to patch the vulnerability so the same attack can’t infect your system again). If you can regain control of your data without paying the ransom, you can continue business as usual (unless the attack threatens to release unencrypted sensitive information).
Keep your disaster recovery environment separate from your main data center(s) to protect its integrity from anything from a natural disaster to a power outage to a cyber-attack. Also make sure your backup is kept up-to-date so you have all (or at least most of) the critical systems and data lost to the attack. If it’s absolutely critical that you maintain functionality with minimal downtime (as is the case for many of the healthcare organizations hit by WannaCry) invest in a “Hot Hot” approach to DR to ensure your systems are back up and running as quickly as possible.
Coalfire discusses limiting computing functions and services in both the “short-term steps” and “preventing similar attacks” sections of the article:
The concept is simple: the fewer services, applications and functionalities users have access to, the fewer vulnerabilities and entry points for attacks. If an employee (for example, a contact center agent) doesn’t need access to a traditional email client, then don’t provide access for that user. This stops the possibility of that user clicking on a phishing email entirely.
A key part of ensuring tight data protection is to critically evaluate what information, systems and computing functions each user group needs access to and being diligent in implementing and enforcing these locked-down user profiles. File sharing, email, attachment capabilities, unrestricted web access and application downloading are a few high risk functions that not all employees need access to depending on their job requirements. Implementing smart controls limits outside risk and should be a key component of your IT management approach.
The footprint of this particular attack is what’s gained it so much attention, but as any cybersecurity expert knows, vulnerabilities and cyberattacks are part of everyday life in our tech-heavy world. They aren’t going away, so you need to be prepared to prevent, address and mitigate them going forward. This massive attack is also reportedly not that sophisticated, making the lesson even stronger: companies cannot risk gambling with cybersecurity.
Pay careful attention to Coalfire’s recommendations for increasing your security posture, make data and cyber security a No. 1 priority company-wide, and seek out solutions and partners built on a foundation of security so your organization is protected from WannaCry and from whatever comes next.