WannaCry Ransomware: What Happened & How to Protect Your Business from Future Outbreaks

WannaCry—Looking Back

On June 16^th, over 50 people joined our webinar that looked back at the world’s largest ransomware attack, WannaCry.  Our VP of Sales and Marketing, Stephen Riddick, led this educational event in which he described what happened, and what you can do to protect yourself from future outbreaks.

Ransomware attacks and infects your computer with the intention of extorting money from you. The criminal mandates a ransom via Bitcoin to provide the encryption key. (However, beware—Not all ransom payments result in the unlocking of data.)

In 2016:

• 41% of ransomware attacks were in the SMB (small-to medium-sized business) space
• $200 Million was paid in the U.S.
• $75 Billion was the cost of downtime due to ransomware

Ransomware attacks are growing exponentially each month that goes by.  It’s a booming business for hackers.

On Friday, May 12, 2017 the WanaCrypt0r ransomware was detected in hospitals in the UK.  It then exploded across the globe, impacting tens of thousands of computers in over 150 countries. It was the biggest ransomware attack in the history of the Internet. 

The NSA created weapons for the WannaCry Ransomware. Unfortunately, they didn’t notify Microsoft.

Here’s what happened:

• NSA discovered the Microsoft vulnerability and kept it as a cyber weapon.
• The Cyber-Weapons “EternalBlue” and “DoublePulsar” were leaked.
• Hackers used these weapons to exploit a hole—SMB (Server Message Block) Port 445.
• It scanned ports, gained entry, encrypted, and spread.
• A security analyst found the Kill Switch in the code.
• Microsoft re-released a patch for ALL operating systems. (It had been initially released in March.)

Note: Microsoft knew about the vulnerability and had released the patch in March, but they didn’t realize it was a critical situation.  When they re-released it, they did so as a critical patch.

Who was affected?  The majority of infections were Windows 7 and Server 2008 machines that weren’t patched.  It was only a Microsoft issue.

(Early reports stated that it was aging, un-supported Windows XP and Server 2008 devices that were at risk.  This was incorrect.  The vulnerability wasn’t as great on these devices.)

The Final Tally of Damages =

• 150 Countries
• 200,000 Computers
• $90,000 in Ransom Payments
• Uncountable Disruptions

Important Note:  It’s a sure thing that more attacks will come! 

How CSP Responded

• Friday evening of the attack: We monitored the Events and researched the Root Cause/Response.
• Saturday: We held an All-Hands-On-Deck:
  • Analysis
  • Communication
  • Overnight Emergency Patching
• Sunday: We continued Patching Remediation

How to Protect Your Business from Future Attacks

A multi-faceted approach is paramount.  It won’t help to simply secure a single point of entry. Just like your home security, you need to secure all the doors and windows.

CSP Provides Tiers of Security…Based on Your Organization’s Needs:

Basic:

• Routine Patching
• Anti-Virus
• Firewall
• E-Mail Security (more than just spam protection)
• Risk Assessment

Intermediate:

• Next Generation (NextGen) Firewall
• OpenDNS* (Domain Name Services)
• User Security Training*
• Content Filter
• Intrusion Prevention

Advanced:

• 2-Factor Authentication* (a 2-way handshake)
• E-Mail Encryption
• End-Point Encryption
• Real-Time Monitoring
• Remote Monitoring

***Plus, there are even more advanced solutions from CSP, Inc.

This is just a brief overview of the situation.  If you’d like a more detailed summary and information about how the team at CSP, Inc. can protect your business in or around Lowell, MA, from the next WannaCry or Ransomware Attack, contact Stephen Riddick at: 919.424.2019 or sriddick@cspinc.com