WannaCry Shows World the Need for Endpoint Security

Wednesday, May 24, 2017

Amir Geri


Computers all around the world were hit with one of the worst ransomware viruses in history earlier this month. The virus, dubbed “WannaCry,” hit over 200 thousand computers in 150 countries. The virus was able to attack hospital systems in the U.K. and a telecom company in Spain. WannaCry has also hit universities and companies in China and Japan. Security experts say that the WannaCry virus is so fast-moving because it spreads from computer to computer by itself, rather than through emails or malicious links.

The WannaCry ransomware virus scans the victim’s device for personal files, encrypts them, and then holds them for ransom until the victim pays $300 in Bitcoin. If the user doesn’t pay the ransom within three days, WannaCry increases the demand to $600 in Bitcoin. Through these threats, the attackers were able to collect at least $50,000 in Bitcoin in ransom payments from infected users.

Windows users who put off updating their operating systems were affected by the ransomware. Last Friday, Microsoft designed a patch for people and organizations that used unsupported versions of Windows, like Windows XP. The National Health Service in the U.K. had many devices that were operating on Windows XP, which is why 48 of its centers were affected. Although Microsoft provided a patch to users who bought the Windows product, people who are using a pirated version of Windows have to rely on third parties to provide them with a security patch.

The WannaCry virus has also been causing tensions between businesses and the government. Microsoft is blaming the National Security Agency of the U.S. for its role in stockpiling the WannaCry ransomware. The WannaCry ransomware was stolen from the NSA back in April, but Microsoft suspects that the NSA didn’t disclose that the security risk existed until the ransomware was stolen. Security experts are advising that governments should be more careful with cyber weapons, just as they are with physical weapons. Researchers have also found that the WannaCry virus was developed using some of the same code that was used in the 2014 Sony Pictures hack. The cybercrime organization behind the Sony Pictures hack, Lazarus Group, may have connections with North Korea.

Although WannaCry has been stopped, security experts are still concerned that people can be infected. Below are a few steps organizations can take to limit the consequences of a ransomware attack:

  1. Back up all data: Organizations should create backups of all of their important information, ideally on a daily basis. When information is backed up, it is more readily accessible when a security incident occurs, and organizations won’t have to pay ransoms to get their data back. Organizations can also consider making backups of their data on separate devices, so they have uninfected machines ready to go if a ransomware attack hits.
  2. Limit user access: Not all employees should have admin level access, or the ability to install third-party software onto company devices. Decreasing the number of people who have administrative access, or access to confidential databases, can decrease the chances of that information being compromised by a ransomware attack.
  3. Regularly inspect networks: Regularly conducting inspections for cyber threats lets organizations detect chaos-causing viruses before they get a chance to execute. By taking measures to prevent an attack, organizations can avoid losing thousands on compromised data and lost productivity.

Ransomware attacks will continue to become more sophisticated and effective as the year goes on. It is now imperative that organizations prepare their networks and devices for a ransomware attack. By conducting regular data backups and limiting user access, organizations can decrease the impact of a ransomware attack. By using endpoint security software to detect malware, organizations can stop potential ransomware attacks.

About the author: Amir Geri handles research and development at Promisec, a pioneer in endpoint detection and remediation.

 
