Making news late Friday night and dominating media coverage over the weekend, WannaCry is perhaps the most devastating piece of ransomware ever, with 230,000 PCs (and counting) infected at high-profile organisations including NHS trusts, Telefonica and FedEx. We thought we would share our thoughts on the news.
It's not just XP
The NHS and the government have been taking a lot of flak for using XP machines after support reached end of life back in 2014. Although it isn't always easy for businesses that are tied into legacy applications to move away from an operating system, not coming to an agreement to renew support with Microsoft was a disaster waiting to happen.
The media have homed in on this subject, and this might give some people the impression that only XP machines are at risk. It's important to point out that unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems are at risk too.
Patching is the most important job for an IT Admin
End users, and sometimes IT Admins, see patching as a nuisance that gets in the way of other, more important tasks. Microsoft released the MS17-010 patch back in March, which addressed the vulnerabilities that WannaCry exploited, so businesses with up-to-date systems and an effective patch policy are unaffected today.
We speak to too many businesses with a lax attitude to patching. To avoid attacks such as WannaCry, patching should be a business's number one IT priority.
What was so special about WannaCry?
McAfee research found more than 250,000 unique samples of ransomware. Obviously most haven't spread as quickly or with such devastating effect as WannaCry. The difference is that most known ransomware needs user interaction (downloading a malicious file, for example) to spread. WannaCry uses the NSA-developed ETERNALBLUE exploit against Microsoft's implementation of the Server Message Block (SMB) protocol, so no user interaction is required for it to spread.
You could say it's like ransomware gone airborne.
This is just the beginning
Or at least, it's the end of the beginning of cybercrime attacks, with small and medium-sized businesses woefully underprepared for what's coming.
With attacks becoming more sophisticated and changing in nature all of the time, it is not enough to deploy antivirus software and hope for the best. Businesses must take a holistic approach to cyber security: being proactive in looking for vulnerabilities within their IT systems, having robust security measures in place and, should the worst happen, having a comprehensive business continuity plan to fall back on.
The one positive to come from the WannaCry attack is that cybercrime has finally entered the public's awareness. Hopefully individuals and businesses have realised the very real dangers they face from cybercrime and will work to address the problem.
We’ve also come up with a free guide that lists the most common IT Security threats and what can be done about them. You can get your guide here.