On Friday May 12, 2017 saw one of the largest global Ransomware attacks in the internet history. In two days, the attack had left over 125,000 computers across 104 countries useless. Public utilities in Spain and England’s National Health Services (NHS) had to shut down operations. Ransomware, is often transmitted by email or web pop-ups, involves locking up people’s data and threatening to destroy it if a ransom is not paid. As a classic Ransomware tactic, affected computers were asked to pay $3000 in bitcoin to the culprit strain known as WannaCry. Its majestic scale was eclipsed by poor execution and low ransom fees — certain signs of an amateurish attack.
According to Kaspersky Labs, the WannaCry, Ransomware is based on a vulnerability that was identified in the Windows Server Message Block protocol and was patched in Microsoft’s March 2017 Patch Tuesday security updates. “On May 12, 2017 we detected a new Ransomware that spreads like a worm by leveraging vulnerabilities that have been previously fixed,” Microsoft’s summary of the attack began. “While security updates are automatically applied in most computers, some users and enterprises may delay deployment of patches. Unfortunately, the malware, known as WannaCrypt, appears to have affected computers that have not applied the patch for these vulnerabilities. While the attack is unfolding, we remind users to install MS17-010 if they have not already done so.”
Vulnerabilities exploited by the Attack
This attack not only impacted computers and businesses but also impacted innocent patients who were kept waiting before receiving care. A lot of organizations are responsible for this attack. Security experts believe the malware may have initially asked people to download it through email in the form of a phishing attack. After that, the malicious code traveled to a broader network of computers that were linked together through the Windows file-sharing system. Organizations across the globe take a lot of effort to stop phishing however most took the “bait” in this case. Another aspect that helped WannaCry conduct the attack successfully was users’ complete neglect towards updating the OS. There are still millions of computers using Windows XP, and without custom support, they’re all vulnerable — not just to this latest Ransomware, but to dozens of other vulnerabilities unearthed in the last three years. The vulnerability targeted last week doesn’t exist in systems released since Windows 8 (which introduced SMBv3), so the main targets were Windows 7 and Windows XP. Windows 7 users are still receiving patches, but XP has been unsupported since April 2014. As organizations handling tons of information, we must understand and accept that the most crippling wars of the future will be in cyberspace, with no bloodletting. To stay prepared, we must build robust counter-intelligence, including a highly capable cyber-expert who is proactive rather than reactive.
Organizations need to play smart to prevent Ransomware attacks. While it is important to have firewalls and staff training around cyber-security, it is equally important to have the most updated software and the right hardware installation. Most computers impacted by WannaCry were on Windows XP that was stopped way back in 2008, and organizations like the NHS had time till 2014 to switch over. However, most of the networks hit on Friday had complex embedded systems that could barely survive a patch.
Installing antivirus software and being wary of suspicious emails or pop-ups is a comprehensive strategy against Ransomware attacks and should be a part of your business security plan. Creating regular back-ups of your data will go a long way in your preparedness to tackling cyber-attacks.
We hope WannaCry makes people more aware of the loopholes that exist in their systems.
For any requirements of SSL certificates kindly visit HTTPS.IN