What have we learned from WannaCry?

We need to convince people to proactively guard against ransomware.

Victor Cruz

Ransomware has been a growing threat for a couple of years now. More than 4,000 ransomware attacks have occurred every day since the beginning of 2016, according to an FBI report. So, it was no surprise to find it in the headlines again recently. The WannaCry ransomware attack proved to be one of the most successful and widespread to date -- it took a single day to infect more than 230,000 computers across more than 150 countries.

WannaCry was able to spread so effectively because of a known vulnerability that Microsoft patched back in March. Organizations that fell victim had failed to patch, and many lacked basic security protections and working backups. Analyzing the aftermath, it’s clear that we have a problem: we already know exactly how to guard against ransomware, but many organizations aren’t doing it.

Patching as a priority

We understand that patching software in enterprise environments can be very difficult, particularly in organizations like the National Health Service in the UK, where availability and stability are crucial. Patches must be tested thoroughly in an environment where downtime could literally be the difference between life and death, but when resources are limited it’s easier said than done.

Unfortunately, the only way to avoid future attacks on a similar or even larger scale is to ensure vulnerability patches are prioritized. If there’s going to be any deployment delay, then alternative action must be taken to mitigate the threat. Every organization needs to assess its vulnerability management and have a clear strategy for patching.

Strengthen real-time defenses

There’s a gap between new variants of viruses or malware emerging and standard AV programs or anti-malware tools identifying them. Sometimes that gap is big enough to infect your system. That’s why you should consider endpoint security capable of recognizing and automatically blocking known malicious behaviors in real time, before they’re able to gain a foothold.

Security is a race and you need to stay ahead of the cybercriminals if you want to win. Real-time analysis is a key element here.

User awareness isn’t enough

We’ve discussed how cybersecurity is only as strong as your weakest link – your employees. Education is an important part of your security efforts. You should teach employees about the risks of clicking links or opening attachments, but that’s not enough -- some phishing attacks are still going to be successful. And in some cases, as with WannaCry, the ransomware spreads without any user interaction.

It’s smart to train people to recognize suspicious signs on their systems and report them, but it’s also well worth stirring user behavior analytics into the mix. Sniffing out suspicious anomalies in user actions can help your IT department to flag, curtail, and sometimes prevent breaches and attacks. Not all attacks come from external sources.

For goodness sake, back up!

Realizing that you don’t have a proper backup after an attack can be like realizing that you don’t have a parachute after jumping out of a plane. There’s no excuse for not having a proper backup plan in place. It should be regular, easy to access, and as complete as possible, but a backup alone isn’t going to make you invulnerable to ransomware.

You will still have to disinfect your machines, report data breaches, and recover encrypted files. It’s important to keep a close eye on system operations and traffic, so you can distinguish data exfiltration or other misbehaviors from backup procedures.

Update systems

Legacy systems and software are a big headache for many enterprises. The cost and potential disruption of upgrading can be too much to bear, but when providers announce the discontinuation of support, cutting off the supply of software updates bearing security fixes, then you must update your systems. Understand that if you don’t act, they are going to be unacceptably vulnerable to attack. If an update is impossible, at least close them off on their own networks and restrict traffic as much as you can.

The best way to guard against ransomware like WannaCry is to take a proactive approach to security that includes vulnerability and patch management, strong protection technologies, and a healthy dose of common sense.

This article is published as part of the IDG Contributor Network.
