WannaCry Distributes Biggest Cyber Attack to Date
A massive ransomware attack has hit worldwide, impacting various countries and tens of thousands of endpoints. According to CNBC, over 200,000 malicious attacks were distributed last Friday, May 12, 2017, in over 150 different countries. However, these statistics are expected to increase as additional information is released.
The ransomware, WannaCry, was able to execute on PCs that had the Windows vulnerability deemed, EternalBlue. EternalBlue was patched in March when Microsoft released an update to plug the security hole. However, if the patch was available two months ago, why did businesses fail to update their systems? Had they done so, they would’ve easily prevented this major attack. Dodi Glenn, Vice President of Cyber Security for PC Matic, states,
“Businesses can’t simply update their computers as quickly as home users can. Internal testing has to be done, before they can deploy patches. Once they have verified that the patch will not break production machines, they can deploy it.”
Avoiding Cyber Attacks
It is always good to make sure all operating systems are kept up to date and have all of the latest patches installed. Older operating systems like Windows XP and Windows 2003 are especially vulnerable as Microsoft ended support for them several years ago. However, because of the emergency situation Microsoft has released patches for XP, 2003 and 8 so be sure to check for Windows updates and get them installed.
Additionally, users should consider updating to a newer operating system if they are still using Windows XP, 2003 or 8. While it can feel hard and inconvenient initially, it will keep your computer much more secure if it has access to the latest security patches from Microsoft. Newer operating systems such as 7,8.1, and 10 had this vulnerability patched months ago.
The Department of Homeland Security has recommended all Americans update their operating systems and employ “vigorous” cyber security measures at home and at school. Glenn encourages,
“Both enterprises and home users should ensure their computers are updated, as soon as possible. Hackers are quick to utilize new vulnerabilities in software, so making sure the security holes are plugged will often times prevent an infection. Additionally, backing up data is critical for both enterprises and consumers. The data should be stored offline, and not connected to the computer, as the computer could become infected, too. Lastly, running an antivirus product on all computers should be common practice.”
The concept of ransomware, or cyber crime, will not be going anywhere anytime soon. Cyber criminals know they are able to steal data, exploit vulnerabilities, and scam home users and businesses out of thousands of dollars on a daily basis. However, there are ways to keep your data safe. PC Matic founder and CEO, Rob Cheng, states,
“Ransomware has become a lucrative business for cyber criminals, therefore it will not be going anywhere any time soon. Hopefully the WannaCry outbreak will be a lesson to many that now is not the time to be reactive. Businesses and home users must prevent these attacks by keeping their systems updated and using a security solution that implements application whitelisting.”
By using a security solution that uses application whitelisting as its primary method of malware detection, far less infections occur. A whitelist solution will only allow known trusted programs to execute. No matter how many different variants of any malware exist, including WannaCry, they will not be able to execute on computers using a security solution that implements whitelisting as their primary method of malware detection.
Already Infected?
If users have already been infected, users should restore the system to a last known good configuration. If files were encrypted, users will need to restore them from backup. Although, if backups are not available, and the data is critical, then users will likely be forced into paying the ransom – however, this is not encouraged. Paying the ransom only positively reinforces the criminal behavior. Also, there are no guarantees the victims will receive their files back after paying the ransom demands.