Malware Attacks: #WannaCry
Jaevon George
Digital Forensics Professional || Cybersecurity Enthusiast || Ethical Hacker || Penetration Tester || Adjunct Lecturer || Expert Witness || Cybersecurity Instructor || Security Analyst
Information security threats are continually evolving. It is difficult for any organization to keep up with the latest cybersecurity threats and allocate sufficient human and technological resources to fight ransomware and other cyberattacks. On Friday, a large-scale cyberattack spread across 100 countries, including the United Kingdom, Russia, Spain, Italy and India. The cyberattack affected the IT systems of banks, telephone companies and hospitals. A malware known as “WannaCry”, a form of malicious software known as ransomware that is designed to hold infected users’ hard drives hostage, has already infected more than 100,000 computer systems, with Russia, Ukraine and India seeing the greatest number of attacks. Ransomware is a form of malware designed to steal money from individuals, businesses and other organizations by holding their data hostage. Ransomware is big business. Ransoms can range from a few hundred to thousands of dollars and are usually paid in the "virtual" currency called Bitcoin, which is nearly impossible to trace.
According to cybersecurity firm Symantec's Internet Security Threat Report released in April 2017, the number of new versions of ransomware uncovered during 2016 more than tripled to 101, while the number of ransomware infections the company spotted jumped 36 percent. Verizon's recently released 2017 Data Breach Investigations Report notes that ransomware accounted for 72 percent of the malware incidents involving the healthcare industry last year. The government agencies and companies affected by “WannaCry” include the UK’s National Health Service, FedEx, Spain’s communications giant Telefonica and the Russian Interior Ministry. One reason the ransomware attack affected so many NHS hospitals was that they were still using Windows XP. Windows XP is an old operating system released in 2001 by Microsoft, which stopped providing support for the OS three years ago. Because of the large amount of personal information collected about patients, hospitals and other healthcare providers are prime ransomware targets. “WannaCry” automatically encrypts infected computers and demands a $300 payment in bitcoin for decryption keys to be released. Most ransomware, which has become one of the most lucrative sources of income for cyber criminals, spreads via email and requires a victim to click on a link to become infected. The group behind “WannaCry” used EternalBlue to turn their ransomware into a malicious programme known as a worm. A worm is a self-propagating attack; this one spreads automatically through the Windows file-sharing loophole. At the heart of WannaCry’s potency is a sophisticated hacking tool stolen from the US National Security Agency (NSA). The tool exploits a security loophole in common file-sharing protocols run on Windows computer software, effectively allowing hackers to move laterally through networks and between organizations via any legitimate enterprise file-sharing arrangements that have been set up.
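Because a worm of this kind reaches new victims over Windows file sharing, an infected machine tends to contact many different hosts on the SMB port (TCP 445) in a short time, which is something defenders can watch for in network flow logs. The following is an added example, not part of the original article: the flow record layout, the 60-second window and the threshold of 5 hosts are illustrative assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445  # TCP port used by Windows file sharing (SMB)

# Constructed sample flow records: (timestamp, source IP, destination IP, destination port)
SAMPLE_FLOWS = (
    # One host touching 8 different machines on 445 within 8 seconds (worm-like fan-out)
    [("2024-01-01T09:00:%02d" % i, "10.0.0.23", "10.0.0.%d" % (100 + i), 445) for i in range(8)]
    # An admin workstation reaching 5 file shares, but spread over 20 minutes
    + [("2024-01-01T09:%02d:00" % (i * 5), "10.0.0.40", "10.0.0.%d" % (50 + i), 445) for i in range(5)]
    # A normal client talking repeatedly to a single file server
    + [("2024-01-01T09:00:%02d" % (i * 7), "10.0.0.5", "10.0.0.10", 445) for i in range(6)]
    # Non-SMB traffic, ignored by the detector
    + [("2024-01-01T09:00:30", "10.0.0.5", "10.0.0.200", 443)]
)

def find_smb_fanout(flows, window=timedelta(seconds=60), threshold=5):
    """Return {source: peak count of distinct SMB destinations inside any
    sliding window} for every source whose peak reaches the threshold."""
    per_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port == SMB_PORT:
            per_src[src].append((datetime.fromisoformat(ts), dst))

    alerts = {}
    for src, events in per_src.items():
        events.sort()
        start, peak = 0, 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({dst for _, dst in events[start:end + 1]})
            peak = max(peak, distinct)
        if peak >= threshold:
            alerts[src] = peak
    return alerts

if __name__ == "__main__":
    for host, count in find_smb_fanout(SAMPLE_FLOWS).items():
        print(f"ALERT {host}: {count} distinct SMB destinations within 60s")
```

The window and threshold need tuning per network: backup servers and management tools legitimately contact many hosts over SMB and belong on an allowlist.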
The spread of WannaCry illustrates the extent to which many organizations still do not regularly update their systems, despite the urgent need to do so. WannaCry encrypts its victims' systems using a 2048-bit RSA key. Using the computational power of a standard desktop machine with an up-to-date processor to crack such a key would take roughly 6.4 quadrillion years. A hacking group called Shadow Brokers released the malware in April.
Ransomware is definitely on the rise as cybercriminals turn to increasingly savvy and tougher-to-prevent means of monetizing cyber-attacks. For organizations that fall victim to ransomware attacks, the consequences have been devastating. Ransomware that lands in some shared locations within networks can literally paralyze an organization's operations. Ransomware is notoriously challenging to prevent altogether, leading many organizations to believe that a reactive approach is the only way to go. Preventing ransomware attacks in the first place can save your organization tens of thousands of dollars or even millions of dollars in losses due to interrupted operations and huge data loss. Taking proactive steps to minimize the odds of your organization falling victim to ransomware is necessary.
Here are the steps you should take to protect yourself against ransomware:
- Install and use an up-to-date antivirus solution. Ensure your antivirus is installed on the endpoints of your organization. Ensure tamper protection is enabled. Tamper protection will prevent malicious software from turning off the antivirus application. Antivirus will help catch malicious software before it installs, or help prevent its spread in the event it successfully installs.
- Make sure your software is up-to-date. With employees bringing their personal devices into the workplace, IT admins have to make sure that those devices are just as secure as their managed devices. They need to see if devices are out of date, rooted, or otherwise posing security risks. Otherwise, they are leaving known vulnerabilities open to hackers.
- User awareness training. Ensure all users are aware of threats and how to avoid them. Never open email attachments or click on links from a sender you do not know and trust. Phishing and social engineering are ongoing problems that are often the main open door leading to a data breach. For example, teaching end users how to identify phishy e-mail and not to click on links in e-mail without knowing they are from a trusted source is a critical step in preventing exposure to malicious software.
- Changing Passwords. The most popular password in the world remains 123456, proving the point that passwords are easily guessed and easily bypassed. Use two-factor authentication. A hacker may steal your passwords, but it is nearly impossible to steal those and your smartphone or token at the same time.
Understanding how hackers operate will give you a cyber-advantage. Organizations should deploy security controls to mitigate the risks. Once a weakness is found, the next step the attacker will take is to breach the cyber security perimeter or send emails containing malicious software like ransomware and gain access. Even though ransomware is a threat that is expected to grow according to many projections for 2017, you can protect yourself against it. Apply cybersecurity solutions that can identify and block malware attacks in real time. Keep your systems and applications up to date, back up your files, and keep copies offline so that you can retrieve the files without having to surrender to the ransom.