Earlier this year, over 33,000 databases were hacked in what was, at the time, the largest ransomware attack ever seen. Now just a few months later, a new threat has already eclipsed the record by a full order of magnitude – and it’s not over yet. Let’s take some time to examine WannaCry and understand what it is, how we can protect ourselves, and most importantly what we can learn from it.
What is WannaCry?
WannaCry is a computer worm that encrypts all of the data on the affected machine and demands a bitcoin payment of around $300 for the decryption key. In just a few short days, WannaCry has infected over 300,000 machines in 150 countries, making it unprecedented in scale. While a kill switch built into the software slowed down the initial attack, sophisticated new variants are already coming out with no kill switch. The culprits are still unknown as of this writing, but evidence points to similarities between the code used in WannaCry and other viruses written by hackers linked to the North Korea.
What makes WannaCry truly unique is the direct human impact that it has had on governments, corporations and consumers around the world. The attack had a crippling impact on the UK’s National Health Service, with reports that “UK hospitals have effectively shut down and are turning away non-emergency patients”. French automaker Renault was forced to shut down several factories as a direct result of the attack, while U.S. shipping leader FedEx confirmed that their systems were impacted. But the biggest impact is being felt in China and Russia, where the prevalence of Windows piracy prevented many users from applying the patch to fix the issue. In China alone, 40,000 institutions have already been impacted, including state giants PetroChina and China Telecom.
How Can I Protect Myself?
The most effective way to protect yourself from WannaCry – or any other type of ransomware – is to prepare ahead of time. Once your system is infected, there’s no realistic way to decrypt all of your data without paying the ransom – and even that’s no guarantee. After you’ve paid the ransom, you’re trusting the hackers to manually provide the decryption key, which can take days or even weeks (assuming they decide to provide it at all).
There are two key things you can do to protect yourself from future attacks:
- Ensure that OS and virus definitions are kept up-to-date. Nearly all complex systems have security vulnerabilities, and many are found months, years or even decades after the software is first released. WannaCry leverages the EternalBlue exploit, which Microsoft patched in a critical security update back in March. As an IT administrator, you’ll want to make sure that all Windows machines on your network receive this patch, either through automatic updates (for Windows 7 or above) or by manually applying the patch to systems running Windows 8, Windows XP or Windows Server 2003.
- Backup your critical data in a separate location. Ransomware operates on the assumption that you don’t have data backups; if you do, you can simply restore the data and get back up and running. What makes WannaCry unique is that it’s a self-replicating worm, meaning that it automatically tries to spread to other computers on the same network. You’ll want to make sure the backups are properly isolated to prevent them from being encrypted as well, either by segmenting your network or using a cloud backup solution. BlackBerry Workspaces supports both options and can help you protect files across all major desktop and mobile endpoints.
How Can BlackBerry Help?
BlackBerry’s unparalleled cybersecurity expertise can help your business recover from ransomware attacks and more importantly prevent them in the future. BlackBerry Cybersecurity Services now offers a Ransomware Readiness Assessment, helping your organization review its current security posture with an emphasis on the capability to withstand a ransomware attack. Our team of experts will identify missing patches that allow WannaCry and its many variants to attack your systems, and also test your backups and disaster recovery.
How do we Move Forward?
While it might dominate current news headlines, the reality is that WannaCry is just the tip of the iceberg. Cyberattacks continue to increase exponentially in size and frequency, causing billions of dollars in damage to our governments, businesses and society. As we move towards the Internet of Things, these types of attacks will only get worse, threatening not just our privacy and security but also our personal safety. We’ve already seen Denial of Service attacks powered by IoT devices; how long before hackers start encrypting data on self-driving cars or even holding power grids for ransom?
WannaCry teaches us many lessons, and we need to make sure that these lessons endure long after the news cycle dies down. WannaCry teaches us the importance of secure software updates, which many IoT devices still don’t support. It teaches us the need for remote file backups, which many companies and individuals still don’t do. But most of all, it teaches us that cybersecurity needs to be proactive, as the costs of recovering from an incident are orders of magnitude higher than the costs of preventing it. If we can learn from these mistakes and take the right actions, then we have a good chance of preventing the next WannaCry.
(Reproduced from the BlackBerry blog).