You’ve no doubt heard by now about the high-profile WannaCry ransomware attack, which began spreading across the globe on Friday and continues to wreak havoc for many this weekend.

Panurgy has been reaching out to businesses in our area to educate them about what ransomware is, how dangerous it is, and how to take steps to best protect yourself and your business.

Let me explain what makes this threat different, and potentially much more dangerous: it is able to cause even more damage, even more quickly, than most other ransomware and malware in general.

Like most other ransomware and malware in general, this new threat (dubbed WannaCry, WannaCrypt, and other variants) initially infects a Windows PC via the same method: a user must open an email attachment or click a link in a phishing email that installs the malicious code. Once installed, the malware will encrypt most files on the local computer’s hard drive – rendering them unreadable and useless – and then proceed to look for any accessible mapped network drives and encrypt all the data files it can find on those network shares as well.

But what makes WannaCry different, and even more dangerous, is that once it’s done encrypting all local files and the files it can find on network shares, it scans the network the PC is connected to for other PCs and probes them for a vulnerability that Microsoft issued a patch for back in March (MS17-010). When it finds PCs that have not been patched, and are therefore vulnerable to the flaw allowing remote access and control, WannaCry is able to infect them over the network – without a user needing to open an email, open an attachment, or click a link. Just having an unpatched PC on the same network as a PC infected with WannaCry allows the first infected PC to infect any and all unpatched PCs and encrypt all the files on those PCs’ hard drives. Those newly infected PCs then encrypt all the files they can find and reach out looking for more PCs to infect on the network, and so on.
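The network-scanning behavior described above is also what makes an infected PC visible to defenders: one machine suddenly contacts many different PCs in a short time. The following is an added example, not code from the original article, that flags such a machine from connection logs. It assumes a simple one-record-per-line log format, a 60-second window and a threshold of 5 peers; all of these, along with the IP addresses, are constructed for illustration. TCP port 445 is used because MS17-010 is a flaw in Windows file sharing (SMB).

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445                  # MS17-010 is a Windows SMB flaw; SMB uses TCP 445
WINDOW = timedelta(seconds=60)  # assumed look-back window
MAX_PEERS = 5                   # assumed limit on distinct SMB peers per window

def constructed_sample():
    """Constructed flow records, one per line: 'timestamp src dst dst_port'."""
    t0, rows = datetime(2017, 5, 13, 9, 0, 0), []
    for i in range(20):   # sweeping host: a new peer every second
        rows.append(f"{(t0 + timedelta(seconds=i)).isoformat()} 10.0.0.37 10.0.0.{i + 1} 445")
    for i in range(10):   # ordinary workstation: same file server each time
        rows.append(f"{(t0 + timedelta(seconds=5 * i)).isoformat()} 10.0.0.21 10.0.0.5 445")
    for i in range(8):    # slow host: eight peers, two minutes apart
        rows.append(f"{(t0 + timedelta(minutes=2 * i)).isoformat()} 10.0.0.50 10.0.0.{i + 100} 445")
    rows.append("truncated record")  # malformed input must not break parsing
    return "\n".join(rows)

def parse(text):
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def smb_fanout_hosts(text, window=WINDOW, max_peers=MAX_PEERS):
    """Map each source exceeding max_peers to its peak distinct SMB peer count."""
    by_src = defaultdict(list)
    for ts, src, dst, port in parse(text):
        if port == SMB_PORT:
            by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start = peak = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, len({dst for _, dst in events[start:end + 1]}))
        if peak > max_peers:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    for host, peers in smb_fanout_hosts(constructed_sample()).items():
        print(f"{host} contacted {peers} distinct hosts on TCP 445 within {WINDOW}")
```

A flagged PC should be disconnected from the network first and investigated second, since every minute it stays connected gives it more unpatched PCs to reach.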

So instead of having to clean one infected PC belonging to a user who unwittingly opened an attachment or clicked a link, companies have to deal with potentially dozens or hundreds of infected PCs that were not properly patched and were therefore infected by the first PC. Recovery usually involves wiping every infected PC and reinstalling Windows and all applications, losing all data on the infected PCs that was not backed up, and restoring all encrypted network share files from the most recent backup. If you follow our frequent advice, you back up your servers often throughout the day with full image backups that are kept offline, so the backups themselves are safe from being encrypted. But if not, you may lose days or weeks’ worth of data or worse, depending on how good your data protection solution is.

That’s what makes WannaCry so much more dangerous. If your PCs are not patched against the vulnerability that Microsoft first released a patch for back in March, one user clicking a link or opening an attachment and getting infected could then very quickly infect all your PCs. The devastation to your business could be daunting, as so many businesses and government agencies across Europe found out the hard way starting Friday.

Luckily, an anonymous security researcher discovered a hidden “kill switch” in WannaCry’s code that was designed to stop the spread of the infection if a very specific public web domain name existed.  When the code first infects a computer and executes, it checks for the existence of this unique web domain, and if found, it stops execution. Upon finding the hidden kill switch, the researcher quickly registered the domain name, and so for now, the spread of WannaCry has paused.  No doubt this is a temporary reprieve, and a new variant will be released shortly that does not include the kill switch.

So how do you protect yourself and your business? It’s absolutely imperative that you make sure your organization has fully implemented each and every best practice recommendation, to provide the best possible multi-layered defense. The consequences are too great to put off, or for any reason fail to implement, the following protection mechanisms, which are not optional but essential to protect you and your business:

  1. Keep your systems patched with all critical and security updates – both operating system and application (e.g. Adobe apps, Java, etc.) updates.
    1. If you subscribe to Panurgy Total Support (PTS) Help Desk/PC support, or our Desktop Admin managed service, we actively keep your Windows and Mac computers patched with operating system patches and major application patches.
    2. The vulnerability exploited by WannaCry to allow one infected PC to reach out over the network and infect any other PC with the vulnerability was patched by Microsoft in March, and if you subscribe to Panurgy’s Total Support, the patch management solution pushed the update out to all contracted PCs with our management agent back in March. Since then, Microsoft has superseded the initial patch with an updated version in April, and again earlier this month.
    3. Microsoft long ago stopped supporting or issuing patches for Windows XP and Windows Server 2003, and so patches for the vulnerability were not released for those operating systems back in March, leaving them vulnerable. Last night, Microsoft took the highly unusual step of releasing patches for those 13-year-old operating systems as well. Those systems cannot be patched through Windows automatic updates, but you can now visit Microsoft’s website and manually download and install patches for Windows XP and Windows Server 2003 systems. Of course, our recommendation, like Microsoft’s, is that if you still have any Windows XP or Windows Server 2003 systems in your environment, you retire and replace them immediately, for just this reason.
  2. Keep all PCs and servers protected with up-to-date anti-virus and anti-malware software.
    1. If you subscribe to Panurgy’s Managed Anti-Virus solution, or to Panurgy Total Support (PTS) Help Desk/PC support, which includes Managed Anti-Virus and anti-malware protection for all your covered systems, then your systems are running Webroot SecureAnywhere anti-virus/anti-malware protection, and Webroot does indeed detect and protect against the current strain of WannaCry.  But please remember, anti-virus software alone is NOT adequate protection.  Inevitably, new strains of malware are released into the wild on a daily basis, and systems absolutely will become infected before Webroot or other leading AV vendors can update their protection engines.  Having a good anti-virus solution is imperative.  But it cannot be your only defense.  You must implement several layers of defense.
  3. Filter all incoming e-mail with a cloud-based e-mail security solution that weeds out most spam, virus attachments, and phishing and spear-phishing e-mails.
    1. Like anti-virus software, no email security filtering solution is perfect and will catch and block 100% of spam, virus attachments, or phishing/spear-phishing attack attempts.  But allowing your employees to send and receive email without a good email filtering solution is like driving a car without a seat belt or air bag.  And a good email security solution will also provide messaging continuity services in the event of a failure/outage of your primary mail server/solution, ensuring your ability to keep communicating uninterrupted in the event of a failure of your mail server.  You can also opt to subscribe to add-on services like email archiving and/or encryption services.
  4. Implement a best-in-class data protection and business continuity solution that performs FULL, IMAGE-LEVEL BACKUPS OF ALL SERVERS, MULTIPLE TIMES PER DAY – as often as possible – and ensure those backups are kept offline, safe from malware. And enforce a policy requiring your users to save all important data on those protected servers – NOT ON THEIR LOCAL PC/Mac HARD DRIVES!
    1. No matter how good your anti-virus protection is, how vigilant you are in keeping all your systems patched, and how well you filter your incoming email for spam, viruses, and phishing scams… YOU WILL BECOME A VICTIM OF MALWARE – AND MOST LIKELY RANSOMWARE – at some point. It’s not a matter of if, but when. Microsoft, Adobe and other software vendors are always playing catch-up to patch identified vulnerabilities, and AV and email security vendors are always scrambling to update their protection systems to guard against new attacks every day. Inevitably, you will be hit by something new that exploits a vulnerability not patched yet, or something not yet detected by the latest AV software. Once you’ve been infected by ransomware, the ONLY sure protection to recover your files and get your business up and running with little to no down time and little to no data loss is THE RIGHT DATA PROTECTION SOLUTION. Traditional backup solutions will NOT protect you!
    2. If you subscribe to Panurgy’s Total Data Protection solution, then you know that we are performing FULL, IMAGE backups of your entire servers – all files, all folders, all applications, the operating system itself – a complete image of all server hard drives – every 2-3 hours around the clock. And these backups are not “online” backups – like an always-connected cloud file sync backup, or an external hard drive or NAS that you back up your files to. Those backups are just as vulnerable to becoming encrypted as the protected files on the servers themselves – rendering the backups useless. You need a total data protection solution that creates full backups of every single file, multiple times per day, and keeps those backups offline. Then, in the event any of your files on any servers are encrypted or lost in any way, you can quickly restore those files from the latest backup (always less than 2-3 hours old) or from a prior backup point – just prior to the time of infection/encryption – resulting in virtually no data loss, and very quick recovery of all business operations – without paying any ransom (which still doesn’t guarantee you will get your files back).
    3. But even if you subscribe to Panurgy’s Total Data Protection solution, or one like it, you still must insist on enforcing a policy whereby all your employees always save any and all important data to the server(s), where the data is indeed protected by the backup solution, and not save any data on local PC/Mac hard drives, where it will NOT BE PROTECTED, and is vulnerable to total loss in the event of a ransomware or other malware infection, failed hard disk, or stolen/lost laptop.
  5. And finally, and just as important as the prior steps, PROVIDE ALL YOUR EMPLOYEES WITH ONGOING SECURITY AWARENESS TRAINING.
    1. Your employees are your first and best defense, but also your greatest weakness.  Almost always, an infected computer, and the network-wide data destruction and devastating business downtime that often comes with an infected computer, are the result of an employee unwittingly opening an email attachment, or clicking a link in a phishing email, that allows the malware to infect their PC.  Possibly worse – many employees, including high-level C-suite executives, have fallen victim to targeted spear-phishing (also known as CEO/CFO-fraud) email campaigns, and thinking they were following the instructions of their boss/CFO/CEO, transferred monies as directed to pay an invoice.  But the email did not really come from their boss/CFO/CEO, even though it sure looked like it did, and the money has now been transferred to the bad actor’s offshore bank account and will never be recovered.  YOU MUST ENROLL YOUR EMPLOYEES IN ONGOING SECURITY AWARENESS TRAINING.
    2. Panurgy has partnered with Kevin Mitnick (“the world’s most famous hacker”) and KnowBe4, Inc. to be able to offer you a comprehensive program to quickly and effectively train all your current employees and future new hires on the cyber threats they face every day, and how to identify them and protect themselves, and your company, against malware, ransomware, phishing, spear-phishing, social engineering and other hacking and attacks. The program provides for a very effective initial self-paced online training course, as well as ongoing email-based tips and tricks, reminders, “What’s new” newsletters warning against the latest threats, and more. The program also provides for initial “baseline” and ongoing periodic simulated phishing email attacks to your employees. This serves to show how security-aware and vigilant your employees are right now, and how well they employ very important best practice safeguard techniques today. And through periodic ongoing simulated phishing email tests, it keeps your employees on their toes and vigilant in practicing the important techniques they will have learned to identify and protect against email-based threats, while also showing you how well-postured your organization is against constantly evolving threats. This program and its comprehensive reporting features also serve to meet the requirements of PCI, SoX, HIPAA and other regulatory compliance programs and cyber insurance policies that require you to show that all your employees are provided with ongoing security awareness training.

Click here to enroll today in Panurgy’s KnowBe4 Employee Security Awareness Training.

Contact a Panurgy representative today to learn more on how you can protect your organization from cyber attacks and take the necessary steps to avoid being a ransomware victim.  Call 973-400-3700 today.