Prevent WannaCry-Style Ransomware Attacks with Proper 'Security Hygiene'

Core software and technology systems need to be kept up to date. Photo: Simon Dawson/Bloomberg

As organizations around the world are grappling with the largest global cyberattack ever to use ransomware, one of the hardest truths about this series of attacks is shockingly simple. The attack could have been prevented using quite possibly the oldest tool in the security toolbox. It has been available for many years: patching and keeping your core software and technology systems up to date.

The ransomware threat is not new, nor novel. In fact, the threat first emerged in 1989 on floppy disks sent to unsuspecting computer owners. The means of delivering the attack have changed, but the approach has remained the same. Malicious software infiltrates an endpoint, encrypts all files, and then demands a ransom payment to release the files back to their rightful owner. Over the last few decades, ransomware has continued to evolve and, within the last three years specifically, the incidents of ransomware have skyrocketed along with the rise of cryptocurrencies like Bitcoin.

Flash forward to today: the latest ransomware outbreak, dubbed “WannaCry,” has taken down the systems of more than 100,000 organizations in over 100 countries. Since the morning of Friday, May 12, it has mutated and continued to spread. The attacks have devastated critical infrastructure, including hospitals, telecommunications and distribution/supply chain services across the world.

How could WannaCry ransomware have been prevented? The simplest explanation is a lack of security hygiene.

Like flossing, security patching is an active, preventive measure that feels like a nuisance but could save the day in the long run. If you’re like me, you may have brushed off advice from the dentist to floss daily until you have a nasty cavity that needs to be fixed with painful and very expensive work. Just as dentists value flossing, security professionals have long stressed the importance of patching and backups. But until the “crash,” that advice has been halfheartedly implemented.

A flaw in a file-sharing protocol (SMBv1) of the Microsoft Windows operating system made the scale of this attack possible. But the kicker is that Microsoft had already issued a fix for this flaw almost two months ago.

WannaCry’s exploitation of this Windows vulnerability enabled it to spread at great speed from one workstation to a vast network of endpoints without end-user interaction. As a result, WannaCry spread as a “one-to-many” worm instead of through the standard phishing attacks that typically infect one user at a time.

The massive scale of this attack shines a light on just how many organizations were using outdated, unpatched systems. The impact of WannaCry could have been greatly reduced if critical Microsoft Windows patches had been applied in time throughout organizations' networks.

What should companies do to protect themselves?

Organizations are scrambling to deploy the relevant Microsoft patch across their entire Windows infrastructure. In addition to the March 14 patch (MS17-010) for supported systems, Microsoft has also issued an emergency patch for sunsetted systems, like XP, that can be accessed here.

Victims are strongly discouraged from paying the criminals after these attacks, as there is no guarantee that payment will unlock their data – and it might make them a prime target for the next attack.

While certain versions of WannaCry have been disabled, hackers are likely to reanimate it rapidly, and organizations need to be prepared. At this time, many Windows servers and workstations are still potentially vulnerable, which means that WannaCry2 has ground to cover in the coming week.
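A read-only host check for the SMBv1 exposure discussed above, added here as an example; it is not from the original article or from Microsoft. It reports whether the SMBv1 server component is enabled and whether any update has been recorded since the MS17-010 release. The function name `Get-Smb1Exposure` and the year 2017 in the release date are assumptions of this example.

```powershell
# Added example (hypothetical function name). Read-only: changes nothing.
# Run in an elevated PowerShell session on the host being checked.
function Get-Smb1Exposure {
    # Assumption: MS17-010 was released on March 14, 2017.
    $patchRelease = [datetime]'2017-03-14'

    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later expose the setting directly.
        $smb1   = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
        $source = 'Get-SmbServerConfiguration'
    }
    else {
        # Older systems: read the LanmanServer registry value.
        # A missing SMB1 value means the default applies, which is enabled.
        $key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $val    = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $smb1   = ($null -eq $val) -or ($val -ne 0)
        $source = 'Registry: LanmanServer\Parameters\SMB1'
    }

    # Most recent update that Get-HotFix records (entries without a date are skipped).
    $last = Get-HotFix | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending | Select-Object -First 1

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        Smb1Enabled     = $smb1
        Smb1Source      = $source
        LastUpdate      = $last.InstalledOn
        # Heuristic only: no recorded update on or after the release date
        # means Get-HotFix shows nothing that could contain the fix.
        NoUpdateSinceFix = (-not $last) -or ($last.InstalledOn -lt $patchRelease)
    }
}

$r = Get-Smb1Exposure
$r | Format-List
if ($r.Smb1Enabled -and $r.NoUpdateSinceFix) {
    Write-Warning "$($r.Computer): SMBv1 is enabled and no update is recorded since the MS17-010 release. Patch this host first."
}
elseif ($r.Smb1Enabled) {
    Write-Warning "$($r.Computer): SMBv1 is enabled. Confirm MS17-010 is installed."
}
```

A recent `LastUpdate` does not prove the fix is present; it only rules out hosts that have clearly missed it, so confirm the remainder through your patch management tooling.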

Here’s what you can do to protect your organization today from the next big threat:

· Patch all Software: Install a patch program and make sure it extends to security software. Have up-to-date antivirus and malware detection software installed on employee endpoints. Set up regular scans and automatic updates for those solutions. Update any software you use often and delete applications you rarely access.

· Be Vigilant: If an email looks too good to be true, it probably is. Be cautious when opening attachments and clicking links. WannaCry may not have started as a “phishing” attack such as this, but many ransomware attacks do.

· Backups: Plan and maintain regular backup routines. Ensure that backups are secure, and not constantly connected or mapped to the live network. Test backups periodically to verify their integrity and usability in case of emergency.

· Disable Macros: Disable Microsoft Office file macros when those are launched through email attachments, especially from external parties.

· Plan: Creating an incident response plan is key to quick discovery of and recovery from any security incident. Create plans and be sure to practice and optimize them to orchestrate the response.

· Ensure your employees, suppliers and others who work with your company receive regular security training, such as how to spot suspicious emails - and who to call if something goes wrong.

An ounce of prevention is a profound lesson here and that prevention includes using tools we already have in our security toolbox. Going forward, organizations around the world need to understand the elements of these attacks and be prepared for copycat attacks with new twists. Most importantly, organizations need to stay the course of keeping systems secure.

Organizations need to reframe their thinking, and move from the idea that patches and backups are an unpleasant, costly chore to seeing them as a critical preventive measure. Staring down a screen of updates is a much better view than staring down a red screen with a ransomware dollar value.

- Diana Kelley, Global Executive Security Advisor, IBM Security
