Ransomware is one of the nastiest forms of cyber attack around. We’ve previously explained ransomware in detail; in essence, it’s a form of malicious software (malware) that locks up the files on a computer and demands that you pay a fee to recover them.
Isolated ransomware attacks are nothing new, but in the past weeks the world has seen a widespread ransomware attack like never before. Here’s what caused it, and how to stay safe in the future.
The Attack’s Origins
This attack is known as WannaCry, WannaCrypt, Wcry, and several other similar names. It’s different from other ransomware attacks because it has the ability to replicate itself over a network. The tools used to carry out the exploit were supposedly stolen from the United States’ NSA. Once placed on a networked computer in a business, WannaCry uses a vulnerability in a Windows file sharing protocol called Server Message Block (SMB) to spread to more machines.
SMB allows Windows computers to share files over a network. Several iterations of the protocol exist, but older versions are outdated and only kept in Windows for backwards compatibility reasons. WannaCry uses an exploit in the outdated SMB 1.0 to spread, so other computers don’t even have to click on a rogue email or website to become infected. This makes it incredibly easy to spread and therefore extremely dangerous.
Microsoft released an update for this vulnerability two months before the attack. Obviously, the computers that were infected didn’t have these patches installed in time. If the affected companies had kept their systems updated, perhaps WannaCry would not have spread like it did.
Because of Windows 10’s default update policy, most installations would not be vulnerable to this, especially if your computers are properly monitored and patched by your IT service provider. The ransomware mainly hit outdated Windows XP computers. Windows XP hasn’t been supported by Microsoft since 2014, so it’s a minefield when it comes to security. Since the SMB exploit was publicly known and Microsoft is not actively patching XP security issues, the attackers had an open door.
In a rare move, Microsoft actually issued emergency patches for the outdated Windows XP, Windows 8, and Windows Server 2003 operating systems. These patches fix the vulnerability, but they won’t prevent a new strain from doing something similar.
WannaCry is notable because it affected major institutions. Daily activities such as package deliveries, banking, and communications were affected due to locked computers. In particular, the British National Health Service experienced widespread disruption thanks to the attack. Because employees were locked out of the majority of their computers, surgeries were canceled and schedules were tossed about.
It’s fair to say that people died because of this attack. All because the affected companies didn’t bother to update their computers from the archaic Windows XP.
The ransom demanded by the malware is $300, and reports indicate that nearly 10,000 organizations were hit by WannaCry. Computers in the UK, Russia, Ukraine, and Taiwan were all hit, with many other countries experiencing some level of attack too. Thankfully, a security expert found a way to stop the attack in its tracks, resulting in a slowdown after the initial hit. However, this didn’t help any business with computers already locked by the ransomware.
Each time that a major attack like this happens, it highlights important security practices that many businesses apparently don’t follow. The most important is that it’s vital to keep all computers up-to-date. Reviewing the story above, you can see that only computers running antiquated versions of Windows and those not updated with the latest Windows patches were at risk for this attack.
It’s not safe to use Windows XP, Windows Server 2003 or Windows 8 (8.1 is current) anymore. Those operating systems don’t receive patches for critical issues like this, so they’re wide open to problems. On newer Windows versions like Windows 7, it’s a good idea to have automatic updates enabled so they get applied without anyone having to manually install them. However, Windows 7 is going to stop receiving updates in January of 2020, so its days are numbered. This is one of the many reasons why businesses should start upgrading to Windows 10.
Of course, the advice for minimizing ransomware’s impact still stands, too. Having a backup of important files, preferably one that’s not connected to a computer, will make recovering from a ransomware attack a minor detour. Hopefully, the businesses affected by this attack learn from their mistakes and upgrade their systems immediately. The cleanup won’t be fun, but thankfully WannaCry didn’t spread even more.
If your business is still using computers with Windows XP or you’re concerned that you’d be vulnerable to an attack like this, get in contact with us today and let’s make sure your infrastructure is safe.