What makes WannaCry such a devastating virus? And why are cyber security experts still very worried about this ransomware?
‘Know Your Cyber Attack Part One: Why WannaCry Is Still a Threat’ is the first instalment in an upcoming Evros Technology Group series exploring the different types of cyber threat we’re facing: what makes them so prolific, and what your enterprise can do to protect against attack.
The History of WannaCry
WannaCry is a ransomware worm, or cryptoworm, that attacks machines running older versions of the Microsoft Windows OS. During the outbreak in May 2017, WannaCry was reported to have infected over 230,000 machines across more than 150 countries.
Microsoft had actually released a patch to protect systems from the exploit almost two months before the arrival of WannaCry, but as the damage demonstrated, many organisations still hadn’t applied the update. And strangely enough, a large proportion of enterprises still haven’t implemented the patch.
Why does this type of ransomware continue to cause such particular worry? WannaCry is very much still alive, with the rate of infection attempts actually higher now than it was at its 2017 peak.
The Anatomy of WannaCry
Of the various features that keep WannaCry alive, the transport component allows the malware to spread freely across a network by scanning for vulnerable Windows Server Message Block (SMB) services.
By leveraging the EternalBlue exploit and the DoublePulsar backdoor, WannaCry could install itself and encrypt a device before moving on to the next reachable one, whether across the local network or over the internet.
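As an added illustration (not code from the article or from Evros), the PowerShell script below audits whether a Windows host still exposes the SMBv1 transport the worm scans for, and with -Remediate disables it and blocks inbound TCP/445 on public network profiles. It assumes Windows 8.1 / Server 2012 R2 or later and an elevated session; the rule name is an assumed label.

```powershell
# Added example: audit and optionally harden a host against WannaCry-style
# SMB propagation. Assumes an elevated PowerShell session on Windows 8.1 /
# Server 2012 R2 or later (SmbShare and NetSecurity modules present).
param(
    [switch]$Remediate   # without this switch the script only reports
)

# 1. Is the SMBv1 server protocol still switched on?
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    Write-Warning "SMBv1 server protocol is ENABLED on $env:COMPUTERNAME"
    if ($Remediate) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Write-Output "SMBv1 server protocol disabled"
    }
} else {
    Write-Output "SMBv1 server protocol already disabled"
}

# 2. Is the optional SMB1 feature installed at all? (Windows 10 / Server 2016
#    and later; the cmdlet is absent on older builds, hence the try/catch.)
try {
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
    if ($feature.State -eq 'Enabled') {
        Write-Warning "Optional feature SMB1Protocol is installed"
        if ($Remediate) {
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
            Write-Output "SMB1Protocol feature removal scheduled (reboot required)"
        }
    }
} catch {
    Write-Output "SMB1Protocol optional feature not queryable on this build"
}

# 3. The worm spreads by scanning for reachable port 445, so a workstation
#    on a public network should never accept inbound SMB at all.
$ruleName = 'Block inbound SMB on public networks'   # assumed label
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    Write-Warning "No firewall rule '$ruleName' present"
    if ($Remediate) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort 445 -Action Block -Profile Public | Out-Null
        Write-Output "Inbound TCP/445 blocked on the Public profile"
    }
} else {
    Write-Output "Firewall rule '$ruleName' already present"
}
```

Run it without switches from a scheduled task to get a periodic report; the -Remediate path changes configuration, so pilot it on a test host before fleet-wide rollout.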
Interestingly, it was built with a ‘kill switch’: an unregistered domain hard-coded in WannaCry’s code. Checking in with a domain is a common feature of how botnets and other types of malware communicate. Once defenders registered the domain and pointed it at a server they controlled, the malware shut itself down on any system that was able to make contact with it.
Future WannaCry Fears
While the kill switch domain was eventually found and the malware rendered largely inert, the main concern about WannaCry was never the complexity of the malware, but its simplicity and visibility. Who’s to say the next generation of WannaCry variants won’t come without such a kill switch, or with one that sidesteps the sandboxing technique used against it in 2017? Many have already introduced other features that let them creep around systems undetected. Rather than react to the fallout of another ransomware outbreak, it’s time to be proactive and build out your defences.
How to Protect Against Future Threat
Backup Your Data
The power of ransomware is that it essentially holds your data to ransom. If you have an up-to-date, or better yet, automated or managed cloud backup strategy in place, you won’t feel forced to pay up (paying a ransom is not advisable in the first place).
Restrict User Access and Permissions
Conditional access groups and tightly controlled admin privileges are paramount to the responsible handling of data. According to Gartner, by 2023, 99% of cloud security failures will be due to the customer’s actions, while through 2021, 50% of enterprises will unknowingly have some IaaS storage services, network segments, applications or APIs directly exposed to the public internet. Limiting access removes potential paths for the malware, should the unfortunate situation arise.
Implement Multi-Factor Authentication
Ransomware probes the weaknesses in your systems, and those can include passwords and access points. Minimise the risk of that type of breach by setting up multi-factor authentication and mobile application management to help prevent unauthorised access to company information. Use tools that can monitor for suspicious activity within your network and shut down a user account when it is detected.
Update Applications and Operating Systems
WannaCry’s infamy was mainly due to Windows systems that had not been updated. Microsoft had issued the critical patch, and users are continually urged to update their applications. There will be future versions of WannaCry, more sophisticated than their predecessor, so heed the warning of technology vendors and reduce your exposure: update, update, update.
It’s now critical to have adequate, early-stage protection for your digital assets. Keep up to date through regular scanning and set up real-time outbreak alerts emailed directly to you. Features such as DDoS protection, anti-spyware, firewalls, and intrusion prevention and detection should be part of your day-to-day security strategy.