LANSPEED BLOG
 
 

 


WannaCry Ransomware: What is it? What can I do?

May 16, 2017 10:55:00 AM / by Michael LaFond


The WannaCry ransomware outbreak made big news this past weekend - it is said to have affected thousands of computers in more than 150 countries. It is important to understand what this outbreak is and ways you can prevent outbreaks such as these from having a catastrophic impact on your own network.

WannaCry: What is it?

Appropriately named, the WannaCry (also known as WCry, WannaCrypt, WanaCrypt0r and Wana DeCrypt0r) attack is a type of ransomware that behaves like a worm, spreading automatically on the network by taking advantage of a weakness in the Windows Server Message Block (SMB) service v1 (a legacy network protocol allowing Windows computers to share files and printers across the local area network), making this a dangerous network threat. Ransomware, specifically, is a type of malicious software that blocks access to a computer system and/or files. The catch is that the system "may" be released if a sum of money (the ransom) is paid to the hackers.

If a computer and/or server is victim to this attack, files become encrypted with 128-bit AES encryption and file extensions are changed to .wnry, .wcry, .wncry and .wncrypt. The software then displays a message similar to the one below demanding a $300 ransom in the form of bitcoin payment. Infections typically occur from an infected email attachment or infected website and then it spreads on the LAN from there. Outdated versions of Microsoft operating systems were especially vulnerable, such as Windows Server 2003 and Windows XP, because of their reliance on SMBv1. Using a cryptographic loading method, the WannaCry DLL is never directly exposed on the disk and, typically, is not detectable to traditional antivirus software.

WannaCryRansom.png
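The file extensions listed above give a quick way to measure how far an infection has reached on a file share. The following Python script is an added example, not part of the original post or of Lanspeed's tooling; it counts, per directory, the files whose final extension is one of the four named in the article. The function names are assumptions of the example.

```python
import os
from collections import Counter
from pathlib import Path

# Extensions the article lists for files encrypted by WannaCry.
WANNACRY_EXTENSIONS = {".wnry", ".wcry", ".wncry", ".wncrypt"}


def scan_for_encrypted_files(root):
    """Walk `root` and return (hits_per_directory, total_files_seen).

    hits_per_directory maps each directory to the number of files in it
    whose final extension matches the list above (case-insensitive).
    Directories that cannot be read are skipped (os.walk's default).
    """
    hits = Counter()
    total = 0
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            total += 1
            # Only the last suffix counts, so "budget.xlsx.WNCRY" matches
            # and "wncry-notes.txt" does not.
            if Path(name).suffix.lower() in WANNACRY_EXTENSIONS:
                hits[dirpath] += 1
    return hits, total


def triage_report(root):
    """Summarise the scan, listing affected directories worst first."""
    hits, total = scan_for_encrypted_files(root)
    affected = sum(hits.values())
    return {
        "total_files": total,
        "affected_files": affected,
        "affected_ratio": affected / total if total else 0.0,
        "directories": hits.most_common(),
    }


if __name__ == "__main__":
    import sys
    report = triage_report(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{report['affected_files']} of {report['total_files']} files "
          f"carry a WannaCry extension ({report['affected_ratio']:.1%})")
    for directory, count in report["directories"]:
        print(f"{count:6d}  {directory}")
```

Run it against a mounted share or a restored backup to see which directories were hit and to confirm that a restore point predates the encryption.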

What can I do?

With your focus on the day-to-day operation of your business, we want to help support your network so that you can continue to work with confidence. Attacks like this will certainly continue, with variations popping up. There are a few key areas outlined below that can help prevent ransomware infections and can minimize the depth of impact should an infection occur.

 

Patching

Microsoft previously released a security update in March (Security Bulletin MS17-010) that addresses a key vulnerability being exploited by these attacks. For computers and servers that are covered under Lanspeed managed services, these patches were on our whitelist (i.e., they had been approved). We are reviewing patch logs to ensure that the referenced patches have been deployed. If they have yet to be deployed to specific computers and servers, we are working to address those machines directly.

Although older operating systems, such as Windows Server 2003 SP2, Windows XP SP3 and Windows 8, are no longer supported by Microsoft, the company has released security patches for these unsupported systems to address WannaCry. These patches have been made available for direct download:

Within the Network Health Review process, we strongly recommend running current versions of Windows operating systems, such as Windows 10, Windows 8.1, Server 2012 R2 and Windows Server 2016.

 

Business Continuity & Backups

The most critical area of network protection from a ransomware attack is business continuity. Quality backup solutions no longer just back up critical data files. Backups should allow for continuity of operations when a disaster strikes. If your systems and/or data are held hostage, your entire business may be at risk.

The number one solution we've used to recover client data from ransomware attacks is business continuity services built upon Datto solutions. Datto solutions are monitored and maintained by our Centralized Services team to proactively ensure that backups are operating as expected. It is important to keep backup services up-to-date and under an active hardware warranty. Solutions are becoming more sophisticated than ever and can even detect if data within the backup was infected with ransomware. Most of our managed service customers have a Datto solution implemented for at least one area of their network.

 

Security Prevention

Security prevention has evolved far beyond the use of traditional antivirus scanning. Security solutions, such as those from Sophos, are evolving to communicate across product lines. For example, if the firewall can communicate with the endpoint on the workstation, and the workstation is compromised, the firewall can isolate the workstation from the rest of the network. With certain solutions in place, the ransomware infection can even be detected and blocked from spreading on the machine and the network, and the source of the infection can be identified.


 

Education

Ransomware will continue to be a threat into the foreseeable future. One of the most important, yet overlooked, areas of risk mitigation is in employee training. Most attempts to hijack a computer start with baiting the user with what looks to be legitimate information from a credible source. Slowing down to follow a few key best practices can greatly reduce the likelihood of an infection.

Ninjio is a company that offers a unique method of employee awareness training. They produce educational short videos that grab your attention with emotional tension. Below is a sample video from Ninjio addressing the topic of ransomware that demonstrates their unique approach.

Ninjio-Ransomware.png

Additional Resources

For additional information regarding ransomware and the WannaCry outbreak, here are some additional resources:

 


Written by Michael LaFond

Michael manages our Service Desk Team and our key business systems. His attention to detail and genuine concern for others are what make him the right man for the job. Michael lives in Hays, KS with his wife, son and daughter. Michael enjoys creating new things, cooking, reading, playing basketball, watching the Chiefs and listening to almost any kind of music.
