Cry No More: Avoiding the Risks of Ransomware


Last Friday, May 12, a rapidly moving global ransomware attack unfolded, primarily affecting Europe and Asia but eventually making its way to the U.S. and South America. The ransomware strain was known as WannaCrypt, WanaDecrypt or Wanna.Cry. Once a system was attacked, it would encrypt the files and demand a ransom of $300 in bitcoin to decrypt the files and restore control. Estimates suggest that over 100,000 systems were rapidly infected worldwide. The variants hit the UK’s National Hospital System hard, greatly affecting operations at 16 hospitals as their computer systems were targeted.
The Source
The ransomware samples were all variants of WannaDecryptor, a threat that began two weeks ago by exploiting a Microsoft SMB vulnerability that had been patched in March. The ransomware particularly damaged unpatched systems and those running unsupported operating systems such as Microsoft XP and older OS such as Windows 8. Microsoft made an exception and quickly released a patch (MS17-010) for XP and Windows 8 due to the significant impact and spread of this ransomware variant.
The Solution
The spread was halted when a UK-based researcher identified only as “MalwareTech” realized the code had a kill-switch. The ransomware would look for a specific, nonsensically long domain name on the internet and, once it was located, would deactivate. MalwareTech registered the domain name, and this appears to have activated the kill-switch and halted the spread of the malware…for now. This weakness suggests that the ransomware creator was either lazy with the programming or purposely embedded the kill-switch, or, worse yet, was sending a message about how easy it is to cripple so many systems, perhaps testing for something far more sinister. Regardless, systems infected prior to the kill-switch activation remain infected by the ransomware. There are developing reports of newer variants of WannaDecryptor in the wild that either have a kill-switch with different domains or no kill-switch at all. Promptly patching systems is essential to prevent future infections.
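Because the malware looks up the kill-switch domain before deciding whether to proceed, that lookup is itself a useful detection signal: any host that queried the domain ran the payload, whether or not encryption followed. The following is an added example (not from the original post or from MalwareTech) that scans constructed BIND-style DNS query log lines for such lookups; the domain name used is a placeholder, since the real one is not named above, and the log lines are invented.

```python
import re
from collections import defaultdict

# Placeholder: the post does not name the kill-switch domain, so a constructed
# stand-in is used. Substitute the published indicator(s) in practice.
KILL_SWITCH_DOMAINS = {"killswitch-placeholder.example.invalid"}

# Constructed sample resolver log lines in BIND query-log format.
SAMPLE_DNS_LOG = """\
12-May-2017 09:14:02.117 client 10.0.5.21#51234: query: www.example.com IN A + (10.0.0.53)
12-May-2017 09:14:05.902 client 10.0.5.21#51240: query: killswitch-placeholder.example.invalid IN A + (10.0.0.53)
12-May-2017 09:14:06.333 client 10.0.7.88#40011: query: updates.example.net IN A + (10.0.0.53)
12-May-2017 09:15:41.004 client 10.0.9.14#60022: query: killswitch-placeholder.example.invalid IN A + (10.0.0.53)
12-May-2017 09:15:41.900 client 10.0.5.21#51299: query: killswitch-placeholder.example.invalid IN A + (10.0.0.53)
"""

QUERY_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<src>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<type>\S+)"
)


def find_killswitch_lookups(log_text, domains=KILL_SWITCH_DOMAINS):
    """Return {source_ip: [timestamps]} for every query to a kill-switch domain.

    Note for defenders: the lookup must be allowed to succeed. If the domain is
    blocked internally, the malware never "locates" it and therefore does not
    deactivate, so sinkhole or allow the query; do not blackhole it.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if not m:
            continue  # skip non-query lines (e.g. startup or zone messages)
        name = m.group("name").rstrip(".").lower()
        if name in domains:
            hits[m.group("src")].append(m.group("ts"))
    return dict(hits)


def triage_report(hits):
    """Rank suspect hosts by lookup count, most active first, for containment."""
    return sorted(hits.items(), key=lambda kv: (-len(kv[1]), kv[0]))


if __name__ == "__main__":
    for src, times in triage_report(find_killswitch_lookups(SAMPLE_DNS_LOG)):
        print(f"{src}: {len(times)} kill-switch lookup(s), first at {times[0]}")
```

Hosts flagged this way should be isolated and patched even if their files were never encrypted, since the SMB exploit already ran on them.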
Stay Alert
To protect yourself, consider and implement the following best practices:
  • Use operating systems that continue to be supported by the vendor to ensure timely updates and patches. Avoid using unsupported or unlicensed operating systems or applications.
  • Update and patch your systems as quickly as patches are released.
  • Backup your data frequently and maintain several prior versions of the backup so systems can be restored from a number of prior points in time.

Author Carmen Duarte
