WannaCrypt is only the latest of a number of strains of ransomware to emerge in recent years, following the likes of CryptoLocker, CryptoWall, and Locky, but it has exposed with glaring clarity how and why ransomware presents a significant risk to all businesses. So how can companies protect themselves from infection and from the operational, financial, and reputational damage it can cause?
Understanding the Threat
WannaCrypt is a form of ransomware, and ransomware’s primary aim is to extort money from the businesses and individuals whose machines it infects. This is achieved by encrypting files that are saved locally and on shared drives connected to affected machines. Once files have been encrypted, the user is notified and asked to pay money in Bitcoins (an online value and payment method) in order to obtain a key that will decrypt the files.
What makes WannaCrypt ransomware especially dangerous is the manner in which it can spread from infected machines. The ransomware spread rapidly throughout the world on Friday 12th May, leapfrogging between vulnerable Windows machines.
Vaccinate against Infection
With any strain of ransomware, prevention is always better than cure. Advice on what to do if your firm becomes infected tends to be either to pay the ransom or to restore from backups. The former option comes with serious moral considerations, and the latter is dependent on appropriate backup measures being in place and available.
As the majority of ransomware attacks spread through phishing emails and compromised websites, user education will always be your first line of defence against infection.
There are seven survival measures businesses can take:
· Always ensure Microsoft security patches for servers and workstations are kept up-to-date;
· Take regular backups and test that they can be restored;
· Ensure all antivirus software is updated in real time and that active scanning is on;
· Keep all software up-to-date, including Java, Adobe Flash Player, Adobe PDF, and so on;
· Never click on links or open attachments in emails that you are not absolutely sure of;
· Don’t visit questionable websites, and take care when downloading files and applications;
· Ensure that user access rights are set up appropriately; not everyone should have access to every file.
The following measures, where practical for companies, are also worth implementing:
· Restrict permissions to read-only;
· Store documents in a database, for example a document management system;
· Flash is frequently exploited by cybercriminals in order to deliver malware payloads, so if you can, avoid using it;
· Implement ad-blocking and anti-spam filters;
· Enable software restrictions through group policies.
Ransomware: An Evolving Threat
All businesses, regardless of their size or the nature of their operations, need to understand the threat that ransomware poses. As Microsoft’s President and Chief Legal Officer Brad Smith commented, “the governments of the world should treat this attack as a wake-up call.”
WannaCrypt ransomware can only (at this point in time) infect unpatched and outdated Microsoft servers and workstations, so implementing a robust scheduled maintenance program across your firm’s systems and educating your employees about what to watch out for are essential.