Thing We Should learn from WannaCry Ransomware

Thing we should learn from the ransomware

What should we learn from WannaCry Ransomware?

A week ago, we have seen a new ransomware with code name WannaCry spread rapidly all over the world, infecting thousands of computers and causing crisis in a wide range of industries

What is Ransomware

Ransomware is malware that encrypts all of the contents on a computer’s hard drive, locking them behind a password. Also included is a time limit: Pay up soon or the files are gone forever. Ransomware is chillingly effective because it takes advantage of structural and beneficial features of the internet. Widely available strong encryption makes it virtually impossible to brute-force a key to unlock the files — that is, to guess a password, using automation to try several times a second. Complex and interconnected systems like those that serve hospitals or utilities companies are vulnerable on several fronts, and are difficult to maintain and secure because of that very complexity and interoperability.

Always System Updates to Increase Security

CompTIA Senior Director of Information Services Infrastructure Robert Rohrman shared several vital lessons ​for cybersecurity professionals.

“One is to keep ahead of security,” he said. “There is no perfect plan to prevent all attacks, but installing vendor patches in a timely manner and having an updated plan in place for all client machines is a good start.”

Rohrman said that far too many machines still run outdated operating systems like Windows XP and Server 2003 and simply do not have the proper security protocols in place to prevent ransomware attacks like the one we just saw.

“A globally managed update system for clients and server/hosted resources is the best way to gain visualization into an enterprise,” he said. Rohrman suggested IT managers have a system or program in place giving a global view of the in-house systems and security situation “that can issue patches and fixes to multiple computers from one console.”

But patching isn’t the only way you can prepare for ransomware and may not necessarily be the first step.

Nearly all complex systems have security vulnerabilities, and many are found months, years or even decades after the software is first released. WannaCry leverages the EternalBlue exploit, which Microsoft patched in a critical security update back in March. As an IT administrator, you’ll want to make sure that all Windows machines on your network receive this patch, either through automatic updates (for Windows 7 or above) or by manually applying the patch to systems running Windows 8, Windows XP or Windows Server 2003.

Always Have Backups

Many clients found out *after* they were infected by Wannacry that their users were storing data locally.  Don’t be that company – either enforce central data storage, or make sure your users’ local data is backed up somehow.  Getting users to sign off that their local data is ephemeral only, that it’s not guaranteed to be there after a security event is good advice, but after said security event IT generally finds out that even with that signoff, everyone in the organization still holds them responsible.

All to often, backups fall on the shoulders of the most Jr staff in IT.  Sometimes that works out really well, but all to often it means that backups aren’t tested, restores fail (we call that “backing up air”), or critical data is missed.

Best just to back it your data (all your data) and be done with it.

Implement continuity planning

What happens if your production system is not available?

Sometime we could stop some of the services or protocol that we not needed . Something like  medical services or airports cant be afford downtime. Setting up a business interruption process, planning of a system or facility is a key step in building resilience, even if it is not in its best condition. Continuity or recovery plans should be recorded (at least) for all key business processes and their supporting systems, as well as potential threat scenarios to ensure that the organization continues to operate.

Conclusion

In the final analysis, cybersecurity is a business issue, not just technology. Network risk is a dimension of the organization’s risk. The best way to organize and respond to a network attack is to adopt an enterprise risk management approach.