CyberSecurity companies around the world are having to contend with WannaCry, the latest version of ransomware that is reportedly based on code originally developed by the NSA, but was let loose in the wild by a group known as the Shadow Brokers. This has been one of the most aggressive and fast-spreading viruses in computer history, which officially earns it the title of being a CyberAttack. According to Forbes, this virus utilizes an exploit of Microsoft Windows called EternalBlue, which was released to the public in April. However, Microsoft had already developed and released a Windows Update patch back in March that closed up the vulnerability. So, computers that are regularly updated and patched would not be vulnerable to this particular virus, or most others, for that matter. Cyber attackers always advance in the way they attack secured online network, meaning companies need to regularly update their security measures and conduct penetration testing services to evaluate the weakest points in their network.
The virus was originally being delivered in the form of e-mail attachments that were sent in the form of compressed ZIP files; opening the attachment would trigger a malicious piece of software code that would check to see if a Windows computer system was patched to block the EternalBlue vulnerability, also known as MS17-010. If it was not, then it could then gain access to the core functions of the operating system and initiate the encryption of all data files that the computer has access to, both locally and on a network – that is how most ransomware works.
However, what makes WannaCry different and particularly dangerous is that it doesn’t just encrypt files and then ask for a ransom ($300 of Bitcoin currency in this case) like most ransomware infections – it then aggressively reaches out to any other computers that it has access to and tries to infect them, as well, using the same unpatched vulnerability MS17-010. That can be – and has been – devastating to a number of hospitals and other medical offices around the world, particularly in the U.K., which was apparently singled out as the initial target for this attack, and also appears to be ripe with systems that are either unpatched, or are running unsupported, retired operating systems, such as Windows XP, which reached end-of-life back in 2014.
The virus’ spread has been temporarily stopped by the efforts of a company called MalwareTech, who analyzed the malicious code and discovered that there was a “kill switch” built into the virus. It would try to reach out to a specific domain name and website on the Internet, and if it was successful in contacting it, then it would disable itself and go dormant. MalwareTech discovered that the domain name it was looking for wasn’t even registered, so they bought it and registered it, and almost immediately the virus started slowing in its tracks as it made its way around the world. However, MalwareTech warns that this is only a temporary fix, and that all someone has to do to resurrect the cyberattack is just modify the code a little bit to remove the killswitch and then re-release it – the risk is far from over.
So, what lessons can we learn from this massive cyberattack that has hit over 100 countries worldwide?
- KEEP YOUR COMPUTER UP TO DATE!! Even a computer with up-to-date virus protection can be exploited if it is missing critical Microsoft patches. DO NOT count on your antivirus software to be your end-all be-all protection from malicious code. Cyberattacks need to be blocked with multiple layers of protection.
- UPDATE THIRD-PARTY SOFTWARE, TOO! Many of the ransomware-type viruses take advantage of outdated Java, Adobe Flash Player, web browsers, and other third-party applications. If you neglect those updates, then you are leaving a gaping hole in your defenses for malware to take advantage of.
- UPGRADE TO A SUPPORTED OPERATING SYSTEM: Not only has Windows XP been retired for several years, but now Windows Vista has recently been retired, as of April 11, 2017. Once an operating system has been retired by Microsoft, they no longer release security updates for it, so it quickly becomes vulnerable to code that exploits unpatched vulnerabilities.
- DON’T OPEN E-MAIL ATTACHMENTS THAT YOU WERE NOT EXPECTING OR THAT LOOK SUSPICIOUS: Were you expecting your brother to send you a zip file called “FunnyJoke.zip”? Has he ever sent you a zipped file before? If the answer is no, then DON’T OPEN THE ATTACHMENT! When in doubt, you should call or e-mail the person that the attachment supposedly came from to verify that they sent it to you.
- BACKUP YOUR FILES REGULARLY: All the prevention in the world will not give you 100% security against being hit with some variation of ransomware. When a brand-new strain of computer virus is released, there is usually no defense against it in hour one. Antivirus companies have to identify it and write virus definitions that detect it. Software vendors have to evaluate the exploits that are being used and then write patches for them. If you found a flash drive on the sidewalk, wouldn’t you be curious enough to take it home or to the office and plug it into your computer to find out what is on it? ZAP! An auto-launching virus just attacked your computer, and you were the one who unleashed it. Having a full, complete backup is your most certain way of recovering from a file-encrypting virus.
- USE A REPUTABLE ANTIVIRUS PROGRAM WITH E-MAIL PROTECTION: Most antivirus solutions include spam and virus scanning for incoming e-mails, however many of the free ones are limited in what they can offer in the way of patch management or bad website blocking. Vipre Internet Security is a solid program for home computer protection that we have seen do a nice job without bogging down a computer’s performance, and it has always been one of our favorite picks. If you currently have no virus protection, PLEASE go and get something now! if you don’t want to pay $30 to get world-class protection like Vipre, then at least go and get a free antivirus program like Avast or BitDefender, both of which do a pretty good job, and they are certainly better than no protection at all.
- USE YOUR COMMON SENSE! Don’t click on that link along the right-hand side of FaceBook that says “He Will Be Missed” next to a picture of Sylvester Stallone or Hulk Hogan. (Check out our blog on that scam HERE) Don’t fall for fake virus alert pop-ups that tell you to call a toll-free number for assistance from Microsoft. Stop clicking on those links that tell you how to magically lose 100 pounds or make a million dollars or look 20 years younger by using this “One Weird Trick”; the only “weird trick” is that somebody got you to click on something as ridiculous as that, after all. 🙂
Okay, so this has been a long blog post, but it is an important topic in this ever-evolving world of technology and data. Thank you for taking the time to read through this, and please share it with friends and family who might appreciate a few safety tips about the dangers out on the Internet.
Most of all, let’s be careful out there!
-The PJ Networks Team
If anybody out there is still running any Windows XP systems, there are links to download the MS patch for them here: http://www.zdnet.com/article/wannacrypt-ransomware-microsoft-issues-patch-for-windows-xp-and-other-old-systems/
UPDATE: CNN is recommending that victims of WannaCry DO NOT pay the ransom: http://money.cnn.com/2017/05/15/technology/cyberattack-dont-pay-ransom/
However, if you have no backups of any of your data, it may be the only option you have. Please be aware that paying the ransom DOES NOT guarantee that you will get your data back, and it does encourage the hackers to continue using this kind of cyberattack in the future.