WannaCry – How to Protect Your Business
On May 12th, 2017, businesses and government entities across the world experienced one of the most severe cybersecurity attacks in history. The malware is called WannaCry. It impacted organizations of all types and sizes in over 150 countries across the globe, including major organizations like FedEx, Nissan, telecom and utility companies in Spain, and 61 NHS organizations in the UK.
What is WannaCry?
Also known as WCry, WanaCrypt0r, or WannaCrym, the malware is launched through an exploit against Microsoft Windows known as EternalBlue. The ransomware strain poses a serious threat to anyone running Windows machines. The malware can spread like a worm: it compromises hosts, encrypts the files stored on them, then demands a ransom payment in Bitcoin. It is important to note that this threat does not simply scan internal ranges to identify where to spread; it is also capable of spreading based on vulnerabilities it finds in other externally facing hosts across the internet.
The initial attack, which occurred on May 12, has slowed thanks to a kill switch discovered by a UK researcher. However, cybersecurity experts warn the danger is far from over. They predict a second attack is imminent with an updated version of WannaCry.
WannaCry is a widespread ransomware campaign that is affecting business networks globally
Over 125,000 organizations in over 150 countries have been impacted
Here is everything you need to know about WannaCry to protect your business:
‘Malware’ is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software.
What is Ransomware?
This form of malware locks you out of your computer until a ransom is paid. Even if you pay to unlock the system, the attack can continue.
How Can Your Business Be Affected, if Attacked?
Businesses affected by WannaCry will face an immediate halt to all operations. As the malware holds networks hostage, all software, applications and data will be inaccessible. As a result, your business can face short- and long-term losses due to:
- Employee Productivity
- Network Downtime
- Ransom Fees
- Permanent Data Loss
- Compromise to confidential data and client information
- Damage to company reputation
- Repeated Attacks
What to Do if You Are Attacked?
If you suspect that your computer or network has been compromised by malware or ransomware of any kind, disconnect your computer from the network immediately and power it off. Contact a professional IT services company such as i-Tech Support, Inc. to assist with remediation and restoration. Do NOT pay any ransom demands.
The US Department of Homeland Security advised the following precautionary measures:
- Apply the Microsoft patch for the MS17-010 SMB vulnerability dated March 14, 2017.
- Enable strong spam filters to prevent phishing emails from reaching the end users, and authenticate inbound email using technologies like Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent email spoofing.
- Scan all incoming and outgoing emails to detect threats and filter executable files from reaching the end users.
- Ensure anti-virus and anti-malware solutions are set to automatically conduct regular scans.
- Manage the use of privileged accounts. Implement the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary.
- Configure access controls including file, directory, and network share permissions with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares.
- Only use mapped drives where absolutely needed for end users. Mapped drives like an “S:” drive make it easy for the attacker to access your company’s main file servers.
- Disable macro scripts from Microsoft Office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via email instead of full Office suite applications.
- Develop, institute and practice employee education programs for identifying scams, malicious links, and attempted social engineering.
- Have regular penetration tests run against the network, no less than once a year and ideally as often as possible/practical.
- Ensure you have a solid backup and disaster recovery system in place and that it is tested regularly to verify your data can be restored in the event of a cyber security breach.
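The two inbound email measures in the list above (authenticating mail with SPF, DKIM and DMARC, and keeping executable attachments away from end users) can be combined into one triage step. The following is an added example, not part of the original article or the DHS guidance; the gateway name mx.example.test, the extension list, the quarantine policy and the sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string

TRUSTED_AUTHSERV = "mx.example.test"  # assumed name of our own mail gateway
# Assumed block list of executable extensions; tune to local policy.
EXECUTABLE_EXTS = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta")
RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)\s*=\s*([a-z]+)", re.I)

def gateway_verdicts(msg):
    """SPF/DKIM/DMARC results from headers stamped by our gateway only."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        tokens = header.split(";", 1)[0].split()
        if not tokens or tokens[0].lower() != TRUSTED_AUTHSERV:
            continue  # any other authserv-id may have been supplied by the sender
        for method, result in RESULT_RE.findall(header):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def triage(raw):
    """Return (action, reasons) for one raw inbound message."""
    msg = message_from_string(raw)
    dmarc = gateway_verdicts(msg).get("dmarc", "missing")
    reasons = []
    if dmarc in ("fail", "missing"):  # assumed policy: hold spoofed or unchecked mail
        reasons.append("dmarc=" + dmarc)
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(EXECUTABLE_EXTS):
            reasons.append("executable attachment: " + name)
    return ("quarantine" if reasons else "deliver", reasons)

# Constructed sample: gateway recorded dmarc=fail; an untrusted header claims pass.
SPOOFED = (
    "Authentication-Results: mx.example.test; spf=fail; dkim=none; dmarc=fail\n"
    "Authentication-Results: other.example.net; dmarc=pass\n"
    "From: billing@example.org\nSubject: Invoice\n\nPlease pay.\n"
)
# Constructed sample: authenticated sender, but a .scr file is attached.
WITH_EXE = (
    "Authentication-Results: mx.example.test 1; spf=pass; dkim=pass; dmarc=pass\n"
    "From: hr@example.com\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nSee attached.\n"
    "--b1\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="Report.pdf.scr"\n\nAAAA\n--b1--\n'
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("with_exe", WITH_EXE)):
        print(label, triage(raw))
```

Only Authentication-Results headers carrying the gateway's own identifier are trusted, because a message can arrive with such headers already present.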
In addition, the cybersecurity experts at i-Tech Support, Inc. recommend implementing a defense-in-depth cybersecurity plan, which includes:
1. A Backup and Disaster Recovery Plan (BDR)
A strong backup and data recovery plan is critical to protecting the information in your network. A backup and disaster recovery plan creates regular copies of your files and data and stores them securely onsite and offsite, so data can be quickly and easily restored in the event of a network disaster or cyberattack such as WannaCry.
2. Annual Penetration Testing
Penetration testing allows vulnerabilities to be uncovered by a professional rather than an intruder. The test shows how a hacker can penetrate a company’s network and how much of its data can be accessed. Owners can learn a lot about weaknesses within their network in an environment they control, rather than having those vulnerabilities exploited by the attacker without warning.
3. Security Policy and Cyber Security Education
The majority of cyberattacks can be avoided by simple education. Security policies keep your team from making small mistakes that can cost you big. Our team of security specialists helps you develop an airtight security policy to protect your organization from internal liabilities.
4. Managed Cyber Security Services
Managed Cyber Security is one type of shared IT Support, designed for organizations that don’t have enough resources for internal cyber security teams. Managed Cyber Security services allow organizations to amplify their defense against network threats by adding specialized support to their existing support team.
i-Tech Support, Inc. offers a full spectrum of cyber security solutions to help safeguard your network from a cyberattack, including:
- Cyber Security Services
- Managed Security Services
- Penetration Testing
- Backup and Disaster Recovery Services
i-Tech Support, Inc. – The Technology to Achieve More
Established in 1999, i-Tech Support, Inc. offers world-class technology support to help businesses achieve more. With divisions dedicated to managed IT support, advanced technology, cybersecurity, cloud services, network assessments, software and consulting, our full service capabilities enable us to be a versatile technology partner for IT departments and businesses in Florida. We support you with the technology to achieve more.