ITB - IT Solutions for the next generation
linkedin logo twitter logo facebook logo google+ logo

WannaCrypt Hits Business Hard

12th May 2017
WannaCrypt Hits Business Hard

Yesterdays WannaCrypt (WannaCry) Ransomware attack has catapulted Security into forefront of everybody’s thinking, not just those in IT. This
may present IT security teams with an opportunity to finally get their voices seriously heard.

Make no mistake, Fridays attack was in no way specifically targeted at the NHS. This was more of an attack on vulnerable Windows computers – it just so
happens that the NHS still run a number of vulnerable machines.

The vulnerability, in Microsoft’s SMB File Sharing services, was first uncovered by the NSA who used a tool named EternalBlue to hijack and spy on its
targets. The problem came about when the NSA was compromised and EternalBlue was stolen and leaked online back in April this year. Further exasperating
the problem, another NSA tool, DoublePulsar, was leaked at the same time which once installed, allows a machine to be remotely controlled.

Microsoft were made aware of the vulnerability and released a patch two months ago, however this information was only quietly shared on Microsoft’s blog.
The patches were also only made available for currently supported versions of Windows. In more recent developments though, Microsoft have now released
a patch for older versions of Windows, including XP.

The need for Behavioural based Malware detection, such as RealProtect from McAfee and System Watcher from KasperskyLab, cannot be understated. Traditional
Signature-based detection is no longer viable to protect against this type of threat, because almost as soon as new signatures are released, new variants
of the threat will be engineered making it almost impossible for Security organisations and Analysts to keep up.

The only way for organisations to really protect themselves from this type of threat is to utilise Advance Threat Detection technology compromising of
Behavioural Analytics and Sandboxing tools.

Our recommendations on how to protect your company are:

Always, be on guard for suspicious emails.

  • Advise your users not to click on suspicious emails.
  • Tell them not to open attachments unless you’re sure it is safe to do so. If you are unsure check with IT Support.
  • Email your user base with some examples of what to look out for.

How to protect your business from WannaCrypt

  • Look at running a Phishing simulation campaign to train your users.
  • Update your AV Software, and where possible roll-out behavioural analysis detection methods and sandboxing where possible.
  • Ensure Security Policies.
  • Use a limited number of permissions.
  • Ensure Back-Up is in place and operational. If possible, back-up your data multiple times throughout the day and air-gap this to further secure your
    backed-up data.

Speak to ITB today about IT Security and Ransomware Protection