A hacker group steals and publishes cyber weapons from a U.S. spy agency, and a ransomware attack breaches network security all over the world. Then a 22-year-old computer wiz who still lives with his parents thwarts the attack.
It reads like the plot to a techno-thriller, but it’s not fiction, which you already know. And the WannaCry attack is shining a white-hot light on network security and the race you are in against hackers. If it has you nervous, you are not the only one. So, what can you do?
WannaCry and Short-Term Network Security
The unfortunate truth is that you might not be able to get your data back if WannaCry hits your company. With so much attention on them, the hackers may not respond to your request for a key to unlock the files. Whether you pay the ransom or not.
Prevention is your best bet. Before taking another step, you should back up your data and update your company’s network security against WannaCry and any new versions of it on the way.
In March, Microsoft released a security patch that fixes the vulnerability WannaCry exploits in the latest Microsoft operating system, Windows 10.
If you have automatic updates set up in Windows 10, you may remember getting an update. Without automatic updates turned on, you will need to check for updates and install them immediately.
If you are running a previous version of Windows, you will need to install the patch that Microsoft released on May 12. Or, even better, update your operating system to Windows 10.
“The older your software, the more vulnerable you are, so it’s really important to use the latest software with the latest updates installed as soon as they come out,” says Kirk Porter, President of Avitus Technologies. “WannaCry is just the latest piece of malware, but every new piece of malware has others coming after it. It’s endless.”
Ransomware and WannaCry
Ransomware is malware that encrypts the files on your computer so you can’t access them, then demands you pay a ransom (usually in untraceable bitcoin). Sometimes you pay the ransom and get your files back, other times you don’t. If you have to get a key from the hacker, there’s no guarantee you will get one.
WannaCry is ransomware that attacks a known vulnerability in Microsoft Windows, coupled with a worm function that spreads the malware automatically.
Last year, the hacker group Shadow Brokers stole it and other cyber weapons from the National Security Agency (NSA). In March, Microsoft released the Windows 10 security patch. In April, the Shadow Brokers published the hacking tools they stole. Then on May 12, a hacker used WannaCry to hijack computers either running older versions of Windows or Windows 10 without the latest updates.
The attack was the biggest ever, affecting some 200,000 computers in over 150 countries. And it was only luck that the 22-year-old computer wiz was able to slow it.
“I found a sample of the malware behind it and saw that it was connecting out to a specific domain, which was not registered,” Marcus Hutchins told the Guardian. “So I picked it up not knowing what it did at the time.”
In other words, he registered the domain, which cost about $10. That triggered a kill switch coded into the malware.
Long-Term Network Security
Bottom line, update your network security continuously!
Your company needs strong network security against whatever is coming tomorrow, next week, next year, the year after next and so on. To do that, and with cyber threats evolving so quickly, you need experts being proactive to protect your network.
For example, the WannaCry threat isn’t over. To launch another attack, the hackers just need to point the ransomware to a different unregistered domain. They may be doing that right now or even rewriting the code to get around Microsoft’s latest patch.
It’s easy to let your network security lapse. Maybe you think your company is too small for hackers to notice you, or you don’t have time to constantly update your network security.
Unfortunately, there’s no getting around it. The best way to protect your company is to keep your security up-to-date, up-to-the-minute. And that includes providing network security to an increasingly mobile workforce. (In fact, mobile network security gets more important every day.)
Microsoft President Brad Smith agrees, as he wrote on the company’s blog:
As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems. Otherwise they are literally fighting the problems of the present with tools from the past.
This attack is a powerful reminder that information technology basics like keeping computers current and patched are a high responsibility for everyone, and it’s something every top executive should support.
Be Proactive on Network Security!
Network security is an ongoing process. You are in a race with hackers, and the race never ends. You have to use the latest software and install updates as soon as they come out.
Your best bet is to have experts handling your company’s network security for you. That way, you don’t have to shoulder the burden or worry. And you know you will have the latest software with the latest updates installed at all times.
If you have any questions about WannaCry or network security in general, please give us a call. Our IT experts can answer any questions you have.