Since Friday afternoon, it seems the whole world has heard of the WannaCry ransomware attack, which has impacted over 10,000 organisations and 230,000 individuals in over 150 countries. Whilst efforts have been made to slow the spread of the malicious code, new variants are still cropping up. This means now is the time to secure and update your systems to avoid being affected.
In this short guide we cover a few basic steps you can follow to keep your business as safe as possible from the WannaCry ransomware and, generally speaking, from the majority of other malicious attacks. The guide is also aimed at large or enterprise businesses and governmental organisations, so some suggestions include advanced or hardware-based solutions. As an individual or small-scale business you will also find many simple precautions that will greatly improve your cyber-security; it really just depends on what is most fitting for your business and the importance of your data.
About WannaCry ransomware.
The WannaCry ransomware attack is an ongoing cyberattack of the WannaCry (or WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) ransomware computer worm targeting the Microsoft Windows operating system. The attack started on Friday, 12 May 2017, infecting more than 230,000 computers in 150 countries, with the software demanding ransom payments in the cryptocurrency bitcoin in 28 languages. The attack has been described by Europol as unprecedented in scale.
The attack uses the ETERNALBLUE exploit and affects versions of the Windows operating system before Windows 10. Microsoft took the unusual step of releasing security patches for these out-of-support versions of the operating system, which can be downloaded here. Microsoft released a patch on March 14th; however, it only prevents the malware from spreading on internal networks, and many organisations are yet to apply it.
Once on your system, WannaCry will attempt to spread over the local network. The encryptor scans other computers for the same vulnerability that can be exploited with the help of EternalBlue, and when WannaCry finds a vulnerable machine, it attacks the machine and encrypts its files as well. So, by infecting one computer, WannaCry can infect an entire local area network and encrypt all of the computers on the network. This is why large organisations like the NHS, FedEx and Spanish telecommunications company Telefónica have suffered the most from the ransomware: the more computers on the network, the greater the damage.
How to protect your business?
First and foremost, if you are running Microsoft Windows, apply the patch and, where possible, upgrade your operating system and software as best you can. That said, we know that many businesses are reliant on their current software architectures for reasons not limited to the potential cost of upgrading, so simply saying ‘upgrade your system’ is not the immediate solution in all circumstances.
The checklist below should be a good starting point:
- Keep up to date. Ensure any software you are using is safe by applying patches regularly when they are released.
- Browse safely. Malicious code is generally spread through phishing attempts, and although the attack vector for WannaCry is still unconfirmed (despite what many news outlets have suggested), it is still a good idea to browse intelligently, install an ad blocker if needed and generally be cautious about what you are clicking on.
- Install an anti-virus program. Many reputable anti-virus companies already provide protection from the WannaCry attack including Bullguard and Kaspersky Lab.
- Back up all of your important data. The WannaCry ransomware attack and many others encrypt your files and hold them hostage. By making regular back-ups you can re-install and restore, completely avoiding the worst effects of the attack if it does occur. This could be a cloud back-up or a local back-up, whichever suits your company's needs, but it is always better to back up and not need it than to not back up and need it. If you are looking for an affordable storage solution, feel free to contact us or look through our extensive range of NAS units.
- Block the incoming/outgoing traffic on SMB ports. It has been reported that the WannaCry ransomware uses the SMB (Server Message Block) ports 135, 139, 445 and 3389 on Windows. Most of the time these ports aren’t used by average users and if this is the case for your business then it may be wise to close them.
- Install a hardware firewall. Most average users don’t require a hardware-based firewall solution, which is fair enough, but if your business’s network incorporates a large number of computers, a hardware firewall is often much more convenient and adds an extra layer of security. SonicWall Capture Labs analyzed the attack in mid-April and immediately rolled out protection for all SonicWall firewall customers well in advance of the first public attack. This means all currently known versions of this exploit can be blocked from SonicWall protected networks via active next-generation firewall security services. Again, if you are looking for this level of protection we would be happy to help, or you can view some of our solutions here.
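For the port-blocking item in the checklist, the following PowerShell script is an added example, not part of the original guide. It reports which of the listed ports have listeners or active sessions on a Windows host, and creates Windows Firewall block rules only when run with -Apply. The rule names and the -Apply and -Outbound switches are assumptions made for this example; it needs an elevated session on Windows 8 / Server 2012 or later, where the NetTCPIP and NetSecurity modules exist.

```powershell
# Added example: audit, then optionally block, the ports named in the checklist.
param(
    [switch]$Apply,     # hypothetical switch: without it the script only reports
    [switch]$Outbound   # hypothetical switch: also block outbound connections
)

$Ports      = 135, 139, 445, 3389      # ports listed in the checklist
$RulePrefix = 'Checklist-Block'        # hypothetical rule name prefix

# 1. Which of the ports have a listener, and which process owns it?
Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $Ports -contains $_.LocalPort } |
    Select-Object LocalAddress, LocalPort, OwningProcess -Unique |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        '{0}:{1} listening (PID {2} {3})' -f $_.LocalAddress, $_.LocalPort,
            $_.OwningProcess, $proc.ProcessName
    }

# 2. Are the ports in use right now? An established session means something
#    (file sharing, remote desktop, a backup job) depends on the port, so a
#    block rule on this host would interrupt it.
$inUse = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $Ports -contains $_.LocalPort }
foreach ($c in $inUse) {
    Write-Warning ('Port {0} has an active session from {1}' -f $c.LocalPort, $c.RemoteAddress)
}

# 3. Create the block rules only on request, and only once.
if ($Apply) {
    if (-not (Get-NetFirewallRule -DisplayName "$RulePrefix-In" -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName "$RulePrefix-In" -Direction Inbound `
            -Protocol TCP -LocalPort $Ports -Action Block | Out-Null
    }
    if ($Outbound -and
        -not (Get-NetFirewallRule -DisplayName "$RulePrefix-Out" -ErrorAction SilentlyContinue)) {
        # Outbound rules match on the remote port; this also stops the host
        # from reaching file shares and remote desktops on other machines.
        New-NetFirewallRule -DisplayName "$RulePrefix-Out" -Direction Outbound `
            -Protocol TCP -RemotePort $Ports -Action Block | Out-Null
    }
    Get-NetFirewallRule -DisplayName "$RulePrefix-*" |
        Select-Object DisplayName, Direction, Action, Enabled
}
```

Running it without -Apply on a representative machine first shows whether anything in the business relies on these ports before they are closed.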
This is by no means an extensive guide on protecting your business from such attacks, but hopefully it will provide a good starting point from which to build and improve. Any comments with more security suggestions are more than welcome. Thanks for reading.