How Not to Cry from WannaCry

Mike Togle
May 18, 2017

Over the weekend, an unprecedented ransomware cyberattack was launched, infecting more than 230,000 Windows computers in 150 countries. Victims’ files were encrypted and the attackers asked for bitcoin in exchange for decrypting the files.

This is by far the largest single attack using ransomware that has been recorded so far.  Britain’s National Health Services (NHS), FedEx, and Telefonica, to name a few, were heavily hit by this ransomware.

WannaCry / WannaCrypt is different from previous ransomware we’ve encountered because, unlike traditional ransomware that spreads through phishing, WannaCry also has a worm-like ability to spread through the network.

The “program” exploits a zero-day vulnerability in Windows’ Server Message Block (SMB) protocol, which provides access to shared files and printers on a network. This exploit, dubbed “EternalBlue”, affects versions of Windows from XP to 10.  “EternalBlue” was said to have been commissioned by the NSA, and was stolen and released to the public by the hacking group known as the Shadow Brokers.

Computers running old versions of the Windows OS, like those still on XP, are particularly vulnerable. Reports state that so many NHS facilities in Britain were hit by WannaCry because they were still using Windows XP.

While a security researcher going by the handle “MalwareTech” was successful in stopping the first version of WannaCry by identifying and triggering a kill-switch built into the malware, hackers were quick to close the hole and release an updated version 2.0, which does not have this kill-switch.

(I can’t help but be reminded of the movie, ‘Prometheus’, where the xenomorph continually evolves and adapts to its environment, becoming more deadly with each iteration)

Here are some steps to protect your Windows PC:

  1. Update your Windows OS. Microsoft released the patch for the SMB vulnerability (MS17-010) for Windows 10 on March 14, 2017 and has taken the extra step of releasing a similar patch (KB4012598) for already unsupported versions of Windows (XP, 8 and Server 2003). You can find out more about the Windows patches here.
  2. Make sure your Anti-Malware software is updated. Most anti-malware vendors such as BitDefender have updated their products to detect and stop WannaCry 1.0 and 2.0.
  3. Be on the lookout for phishing emails and refrain from downloading files from untrusted sources.
  4. If you can, block ports 445, 137, 138, and 139 on your home network.
  5. If your PC has already been infected, download a malware removal toolkit from your anti-malware vendor (e.g., WannaCry Ransom-ware Scanner Tool).
  6. Remember to regularly make offline backups of your files. If you can, store them in a version control repository such as Git or Subversion (SVN). Given how SVN repositories work, this is best for project files.
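
The patch check in step 1 and the port blocking in step 4, as an added PowerShell example that is not part of the original article. It assumes an elevated session on Windows 8 / Server 2012 or later, applies the block at the host firewall rather than at a home router, and uses rule names made up for illustration; blocking these ports stops the PC from sharing files and printers over SMB.

```powershell
# Added example (not from the original article). Run in an elevated session.
# Assumption: Windows 8 / Server 2012 or later, where the NetTCPIP and
# NetSecurity cmdlets used below are available.

$tcpPorts = 139, 445   # NetBIOS session service, SMB over TCP
$udpPorts = 137, 138   # NetBIOS name service, NetBIOS datagram service

# Step 1: is the update named in the article installed?
# KB4012598 covers only the out-of-support versions; other Windows
# versions receive MS17-010 under different KB numbers.
$kb = Get-HotFix -Id 'KB4012598' -ErrorAction SilentlyContinue
if ($kb) { "KB4012598 installed on $($kb.InstalledOn)" }
else     { 'KB4012598 not found; confirm the MS17-010 update for this Windows version' }

# Which of the ports from step 4 are open on this machine right now?
Get-NetTCPConnection -State Listen -LocalPort $tcpPorts -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess | Format-Table -AutoSize
Get-NetUDPEndpoint -LocalPort $udpPorts -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess | Format-Table -AutoSize

# Step 4: inbound block rules, created only if they do not exist yet.
# The rule names are hypothetical; pick any naming scheme you like.
$rules = @(
    @{ Name = 'Block-SMB-NetBIOS-TCP-In'; Protocol = 'TCP'; Ports = $tcpPorts },
    @{ Name = 'Block-SMB-NetBIOS-UDP-In'; Protocol = 'UDP'; Ports = $udpPorts }
)
foreach ($r in $rules) {
    if (-not (Get-NetFirewallRule -Name $r.Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -Name $r.Name -DisplayName $r.Name `
            -Direction Inbound -Action Block -Protocol $r.Protocol `
            -LocalPort $r.Ports -Profile Any | Out-Null
    }
}

# Confirm that both rules are present and enabled.
$rules | ForEach-Object { Get-NetFirewallRule -Name $_.Name } |
    Select-Object Name, Enabled, Direction, Action | Format-Table -AutoSize
```

To undo the change, delete the two rules with `Remove-NetFirewallRule -Name <rule name>`.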

Remember that a culture of security is paramount in this day and age of increasingly sophisticated hacking.

Companies have a wide range of options in implementing the best software and hardware protection that money can buy, but they have to remember that the other side of the equation, “user education,” is equally important.

This is where Pointwest comes in.

Pointwest Digital’s Technical Security Group can assess your company’s and employees’ cyber-security maturity and provide the needed training and consultancy to close the gap.
