Cyber-attacks have been around for as long as there have been networks.
The Internet was developed to provide an alternative should conventional communications networks in the United States come under attack. The first computer worm was released in 1988 and shut down 10 percent of computers connected to the Internet. The earliest attacks went unnoticed because before the mid-’90s, the Internet was primarily used by academia and connected mainframes. It wasn’t until 1995 that a virus, specifically attacking Microsoft Word documents, was released. And it wasn’t for another seven years that Bill Gates announced he would secure Windows.
Until fairly recently, attacks were perpetrated by loosely organized hackers and consisted of worms, viruses, and spy/malware. Many of the attacks were exercises in system access, data destruction, altering email systems, or installing relatively harmless spyware programs. Today, cyber criminals have become more organized and more sophisticated, utilizing advanced network threats such as ransomware and custom malware, making defending your sensitive data a daunting task.
Additionally, if your business accepts, stores or transmits payment card data, Payment Card Industry Data Security Standard (PCI DSS) compliance validation is required by card brands such as Visa, MasterCard and Discover, making the defense of your data even more daunting. PCI DSS compliance is designed to protect businesses and their customers against payment card theft and fraud.
On May 12, WannaCrypt, also known as WannaCry, was used in a very large cyber-attack that affected over 150 countries. Victims were told they could free their machines by paying the equivalent of US $300 in Bitcoin. The ransomware threatened to delete the infected files within seven days if no payment was made. Since then, the situation has been stabilized and the feared second wave of attacks has failed to happen.
The attack was contained by Marcus Hutchins, also known as Malware Tech, who registered a domain name to track the virus, which then stopped it from spreading. Since the malware relied on making requests to domains and ransoming the system when the connection wasn’t made, registering the domain essentially stopped the ransomware from spreading further.
This sinkholing of the malware has stopped the infection from spreading, though Hutchins warns that it may be only a temporary fix.
How does WannaCrypt spread?
The ransomware spreads through a vulnerability in the Server Message Block (SMB) protocol in Windows systems. The creators of WannaCrypt used the EternalBlue exploit and the DoublePulsar backdoor to gain entry into Windows systems.
The malware was also spread through social engineering emails that tricked users into running the malware and activating the worm-spreading functionality with the SMB exploit. The malware itself was delivered in an infected Microsoft Word file that was sent in the email.
Who is affected?
Organizations that use Windows systems and have not yet patched the vulnerability are vulnerable to this attack.
Over 230,000 computers in 150 countries were crippled worldwide. Healthcare organizations in particular were affected by this ransomware, including many National Health Service hospitals in England.
What should your company do to protect your network from these security threats and maintain compliance?
- Remember that as soon as the better mousetrap is built, the mouse will find other ways to get your cheese, so it’s imperative to partner with a network security company, like Integrated Technology Group (ITG), that will continuously scan your networks to check for vulnerabilities.
- Always keep in mind that as long as there is data, there will be people trying to steal it, so if you have a Windows system, update it as soon as possible and stop using older versions of Windows right away!
- If you have been attacked, experts advise that you don’t pay the ransom, since there is no guarantee that the hackers can even decrypt the encoded files after receiving the ransom payment. It’s important to know that this attack likely won’t be the last one of its kind because this strain of ransomware attacks, released last month, is expected to increase through copycats.
Integrated Technology Group offers affordable Corporate Network Security scans that will identify an organization’s infrastructure vulnerabilities, which may lead to a ransomware attack like WannaCrypt. If you would like to learn more about the several preventative security services ITG has to offer, please contact a representative at firstname.lastname@example.org.
Steve Snelgrove (CISSP), Security Analyst at SecurityMetrics; Rich Hummel, CCNA, CCNAW, CCSI; and SonicWall, Inc.