How Can I Protect Myself? “WannaCry” Ransomware

I’m a personal finance blogger on the weekends…but I manage a cybersecurity operations team for a $10B organization as my day job.

Over 90% of cases of successful data theft are related to vulnerabilities which are KNOWN and PATCHABLE. Please take a look through this post to ensure you are protected against the latest major ransomware attack (named “WannaCry”).

Please contact me if you need any assistance.

Some Context

Yesterday, a new cyber attack was launched across Europe and has been called “one of the most damaging cyber attacks in history” (CNN Money).

Here’s a quick excerpt from CNN Money:

“Cybersecurity firm Avast said it had identified more than 75,000 ransomware attacks in 99 countries, making it one of the broadest and most damaging cyberattacks in history.

Avast said the majority of the attacks targeted Russia, Ukraine and Taiwan. But U.K. hospitals, Chinese universities and global firms like Fedex (FDX) also reported they had come under assault.

Europol said Saturday that the attack was of an “unprecedented level and requires international investigation.”

Impact analysis according to Threat Post:

“Yesterday’s attack overran many businesses in Europe at the start, hitting hardest in Russia, Ukraine and India. Large telecommunications companies in Spain and many NHS healthcare facilities in the United Kingdom were also affected, as were other enterprises worldwide. Employees were told to shut down and unplug machines, and in the case of the U.K. hospitals, patient care at many facilities was affected. Non-emergency surgeries were postponed and patients were diverted to other facilities.”

How to Prevent Infection

Plain and simple, this is a Microsoft Windows vulnerability. This means that if you are running a Microsoft Windows machine (server or PC), you are vulnerable to this attack.

For Windows 10 users:

Update the Windows Operating System

  1. Click Start, then type “Update” into the search box, then click Check for Updates
  2. Once the update window opens, click the Check for updates button


Update Windows Defender (If Not Running a 3rd Party Anti-Virus)

  1. Click Start, then type “Windows Defender” into the search box
  2. Click “Windows Defender” to open the app
  3. Once Windows Defender opens, go to the Update tab and click Update Definitions

For Windows 7 users:

Update the Windows Operating System

  1. Click start, then type “Update” into the search box, click Windows Update
  2. Click Check for updates on the left side of the window
  3. Once the check is complete, click Install Updates

Update Windows Defender (If Not Running a 3rd Party Anti-Virus)

*Note: You may already have Microsoft Security Essentials (or some other 3rd party anti-virus product) installed. If you do, Windows Defender will not be enabled (they don’t play well together). If you see a message that says “This program is turned off”, that’s probably the case.

  1. Click start, then type “Defender” into the search box, click Windows Defender
  2. On the Update Tab, click Update Definitions

For All Windows Users Running a 3rd Party Anti-Virus

If you have a 3rd party anti-virus product such as McAfee, Norton, Kaspersky, Avast, Trend, etc., make sure you open the app and update both its program version and its virus definitions.

This will ensure that your AV agent has the correct signatures in place to detect this new strain of ransomware.

Back up your data!!

If all of these controls fail, and you do become infected, your only recovery option is going to be to restore from a backup of your data.

Here are some options to consider:

USB Drive Backup

Tried and true method… Here are a few from Silicon Power that I love because they are rugged and have decent size. I have a 2TB drive, but they come in 1TB, 2TB, and 4TB options. (affiliate links):

$58.99: Silicon Power 1TB Rugged Armor Military-grade Hard Drive
$99.99: Silicon Power 2TB Rugged Armor Military-grade Hard Drive
$158.99: Silicon Power 4TB Rugged Armor Military-grade Hard Drive


Online Data Backup

If you don’t want to fool with drives, you can go with an online option. A few popular options are iDrive, CrashPlan, and Carbonite. I’m currently testing them to determine which I like best, but these are the biggest players in this space.

Running a Business With Microsoft Servers?

If you are running a business which utilizes Microsoft Windows Server operating systems, you should apply patch MS17-010 immediately. Microsoft even released patches for Windows Server 2003 and Windows XP this morning, in case your business hasn’t moved away from these deprecated systems (yikes!).

Other items to consider for Windows Servers:

  • Host-based firewall: the Windows Firewall does a fine job; make sure your exceptions only whitelist the traffic you actually need
    • Focus attention on blocking unwanted traffic to ports 139 and 445 (SMB)
  • Anti-Virus definitions up-to-date
  • Perimeter firewall, if you have one, make sure to block inbound/outbound SMB traffic on ports 139 and 445 (hopefully this is already the case)
  • Backups – make sure that you are taking good backups (weekly fulls at a minimum, but including a nightly differential backup is so much better).
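An added example, not part of the original post: a PowerShell script that checks the server items above on one machine. It assumes an elevated session on Windows 8.1 / Server 2012 R2 or newer (the NetSecurity and SMB cmdlets are not on Windows 7, which falls back to the registry), and the two KB numbers are assumed to be the Windows 7 / Server 2008 R2 releases of MS17-010; look up the IDs for your OS in the bulletin and adjust.

```powershell
# Assumption: MS17-010 KB IDs for Windows 7 / Server 2008 R2 (security-only
# and monthly rollup). Later monthly rollups supersede these, so treat
# "not found" as a prompt to verify in Windows Update, not as proof.
$Ms17010Kbs = @('KB4012212', 'KB4012215')

function Test-Ms17010Installed {
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $hit = $Ms17010Kbs | Where-Object { $installed -contains $_ }
    if ($hit) { Write-Output "MS17-010 present: $($hit -join ', ')"; return $true }
    Write-Warning 'No MS17-010 KB found; run Windows Update now.'
    return $false
}

function Test-Smb1Enabled {
    # WannaCry spreads over SMBv1. Newer Windows exposes this cmdlet; on
    # Windows 7 the documented switch is the SMB1 registry value instead.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $val -or $val -ne 0)   # value absent = SMBv1 enabled by default
}

function Block-InboundSmb {
    # Host firewall rule blocking unsolicited inbound SMB on TCP 139/445.
    # Skip this on a file server that must accept SMB from the LAN; scope
    # the rule to untrusted profiles/addresses there instead.
    $name = 'Block inbound SMB (WannaCry mitigation)'
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol TCP `
            -LocalPort 139,445 -Action Block -Profile Any | Out-Null
    }
}

$patched = Test-Ms17010Installed
if (Test-Smb1Enabled) {
    Write-Warning 'SMBv1 is enabled; disable it once MS17-010 is confirmed installed.'
}
Block-InboundSmb
```

Run it on each server and keep the warnings it prints as the to-do list for your next patch window.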

Ongoing Threat

These types of cyber attacks are an ongoing threat and challenge. Most people don’t know what to do so they just freeze or throw their hands up and do nothing. Remember that most compromises take advantage of “low hanging fruit”.

I view it much the same as we all view personal finance. There are actionable steps you CAN take to protect yourself and your information assets.

Patching and backing up your system are just a couple of them. Please comment and subscribe for more tips like this!

2 Replies to “How Can I Protect Myself? “WannaCry” Ransomware”

  1. Anytime there is software, there will be bugs that enable RCE. How does your organization deal with it? Do you just email everyone telling them to update, or do you remotely manage their systems and force the upgrade?

    I used to work for a large defense contractor and they just emailed us telling us to upgrade. I always thought it was kinda lame.

    1. Our org has set a KPI target of 98% security patch compliance within 30 days of vendor release. So, when Microsoft releases patches on Patch Tuesday, we are applying patches that same Thursday to test environments. Three weeks later, 100% of servers are patched and typically 90% of workstations. The rest come in over the final week. We have lots of reporting and weekly vulnerability management meetings to keep tabs on progress of systematic patching but also prioritization of other known vulnerabilities on the network.

      Yeah, asking your users to patch is like asking my 3 year old to go get herself ready for bed.
