How to Protect Your Data Against WannaCry and other Ransomware
The WannaCry ransomware attacked organizations around the world – most notably in Europe and the UK. To date, it has affected over 200,000 companies in over 150 countries. Though temporarily halted, the infection resurged as hackers began creating new versions of the malignant software.
The attack spreads rapidly within a network by exploiting a Windows vulnerability. Microsoft released a patch for this vulnerability in March of this year but not all users installed the update, leaving themselves open to infection.
Analysis of the ransomware – also known as WannaCry, WCry, WanaCrypt, and WanaCrypt0r – shows that it encrypts victims’ files and changes the extensions to .wnry, .wcry, .wncry and .wncrypt. Perpetrators of the ransomware demand an escalating ransom payment for the encryption key required to recover your data.
Although this may be the largest single global ransomware attack seen to date, the story is a familiar one. And, so is the response from many companies who were not adequately protected;
- How did this happen?
- Why us?
- What could we have done to prevent this?
- Whose fault is this?
- What is this going to cost me?
- Why did our backups not work?
The bottom line is many companies are still treating IT security like they were in the late 1990’s. They purchase the lowest cost antivirus solution they can find, put a firewall in the back room and never touch it again. They install PCs and servers and either never patch them or patch them only occasionally and randomly. They put in a backup solution and never test that it is actually working. They do not invest in security training for their users and they do not enforce policies like strong passwords, changed regularly. The list goes on…
Steps you can take to protect your company’s critical files right now
- If you have not done so already, install all critical and security related updates on all of your existing Windows systems. Start with Microsoft Security Bulletin MS17-010 to secure your devices against the WannaCry Malware
- For older unsupported Windows versions such as Windows XP and Server 2003, Microsoft has released an emergency patch which can be found at Special patch released, apply immediately
- If you are running MACs, update those as well
- Ensure all your devices have antivirus installed and that it is up to date. Then check with your provider to confirm that it will protect you against known WannaCry variants. If you don’t know who to call, call us, we will assist you.
- Make sure you have a current commercial grade firewall running security licenses that include IPS (Intrusion Prevention) at a minimum. Ensure it is properly configured and running up to date firmware. We use SonicWALL and Sophos firewalls. Both will protect against the known Wannacry variants when running IPS and up to date firmware. However, the likelihood of new attacks, based on the leaked exploits, is high so things can change rapidly no matter what you are running. The addition of a sandboxing service like Capture or SandStorm is easy to do and highly recommended.
- If you are not sure about your AV, consider adding a product called InterceptX from Sophos. It is the most advanced anti-ransomware protection we have seen and it has been 100% effective so far. Even if you are not running a Sophos AV solution you can still add InterceptX. It will run in harmony with your current AV solution
- A good backup is your last line of defense; make sure you have one. Consider adding a Datto (or similar) Backup & Disaster Recovery solution to protect your data if, despite your best efforts, you are compromised.
- Review the security blogs on the Netcetera website, several are relevant
- Create a policy to enforce strong passwords with regular changes (every 3 months recommended). Force a change right now.
- If you do not have mail filtering, consider adding it as another layer of defense.
- At home, consider signing up for the Sophos Home Premium beta, which adds proactive protection against exploits and ransomware and it’s free for the first year.
If you are a current Netcetera Managed client we have already taken care of this for you. If you are not a managed Netcetera client and need assistance or just some advice, give us a call. There is no cost to have a conversation and it just may save you from some unnecessary grief and potential losses.