Getting Hit By WannaCry and WannaCrypt Makes You Wanna Kick Yourself
Is your company’s computer data being held for ransom? If so, as you certainly must know by now, you’re not alone. Last week companies and individuals in more than 100 countries around the world became victims of the biggest Ransomware outbreak ever. However, those who got hit were using older operating systems or simply had not applied the latest MS patch. Kind of makes you want to kick yourself for not taking cyber security seriously, doesn’t it?
If you were one of the companies that had applied critical Microsoft Windows patches released in March, you were protected against this attack. If not, there are still many Windows servers and workstations that are potentially vulnerable. The WannaCry (Wcry)/WannaCrypt ransomware threat may still be working its way through other companies using older Microsoft OS systems at this very moment.
No Time to Slack on Cyber Security
Those of us in the cyber security field have known this type of attack was imminent. And unfortunately we will be seeing more copycats, since ransomware threats are not new. This type of malicious software has been traced to threats all the way back to 1989. Those were the days of floppy disks when the ransomware was sent to unsuspecting computer owners.
To mitigate the current threat, your organization should ensure that the relevant MS patches are urgently deployed across your entire infrastructure where the Windows OS is used. Microsoft has issued an emergency patch so you’ll want to ensure that all systems are fully patched with the “MS17-010” security update. Microsoft has also released out-of-band patches for older versions of Windows to protect against Wana, because the original patch did not include XP/Win8.
Back Up and Think Before You Click
Maybe you back up data on a daily basis. Maybe you don’t back up at all. Hmm. I bet you will now. This is simply the most basic method for data protection. In addition, remind all staff to Think Before They Click when they receive any out of the ordinary emails. If you or a co-worker are not paying attention and accidentally open one of these WannaCry/WannaCrypt phishing email attachments, you might infect not only your own workstation, but immediately everyone else’s computer too. Be very careful when you get an email with an attachment you did not ask for. If there is a .zip file in the attachment, do not click on it but delete the whole email. Remember: If there’s any doubt, hit delete! Also, take any at-risk machine off the wire until it’s patched.
Ransomware was the most prevalent online threat in 2016, with over 40,000 attacks per day at times, and reaching well over 65 percent of all spam messages that carry malicious payloads. IBM X-Force researchers tracking spam trends noted that the rise in ransomware spam in 2016 reached an exorbitant 6,000 percent, going from 0.6 percent of spam emails in 2015 to an average of 40 percent of email spam in 2016. The situation is only worsening in 2017.
The FBI and international law enforcement have issued alerts about this threat. The FBI estimated that ransomware is on pace to become a multi billion dollar source of income for cybercriminals in the near future.
Protect Your Organization with IBM
Don’t kick yourself if you are or were held ransom. It’s time to move on and protect your organization. When you are ready to explore how to take the most effective measures against further imminent future cyber attacks call our offices. Now would be the best time. VORAS Consulting is partnered with IBM and can provide Watson for Cyber Security. Give us a call today.