As most of the world has heard by now, a widespread ransomware attack known as WannaCry has infected over 200,000 computers in more than 150 countries. WannaCry exploits a Windows vulnerability (MS17-010) which was patched by Microsoft in March. The vast majority of infected machines were running outdated Windows XP, Server 2003, or unpatched instances of supported operating systems like Windows 7. Given the scale of this attack, Microsoft has since taken the unusual step of issuing an update to unsupported operating systems to protect those users still running Windows XP and Server 2003.
By definition, ransomware is malicious software designed to encrypt data on a computer until a ransom is paid. While this ransomware attack was massive in scale, the general principle remains the same. The difference in this case was the delivery mechanism. The most common method of ransomware delivery is phishing emails containing malicious attachments or links. WannaCry took the unusual step of including the ability to infect other computers on the network, increasing its reach drastically.
How to Protect Yourself against Ransomware
WannaCry is one of the most high-profile examples of ransomware, but the threat goes beyond this incident. Organizations and individuals need to take proper precautions to protect themselves against this specific threat and other types of ransomware. Specifically, you need to:
- Remain vigilant for unsolicited emails. Do not click on links in an email without verifying the sender and the link destination
- Never open unsolicited email attachments. Even attachments from known entities can contain malware. Always confirm with the sender if in doubt
- Back up your data frequently and on secure servers
- Confirm your system is running the latest operating system and updated anti-malware software at all times. Where appropriate, set your computer to automatically update the operating system and anti-malware software.
Next Steps for iboss Customers
The iboss distributed gateway platform has multiple layers of defense to prevent malware like WannaCry from getting into the organization, as well as post-infection features for stopping the ransomware Command & Control (C&C) communications. iboss customers should:
- Ensure they are leveraging iboss’ malware defense features
- Ensure iboss IDPS is in block mode
- Ensure the WannaCry malware category is blocked for all policies
- Block executables for all policies including .hta files
- Use OS controls to block unpatched and out-of-support operating systems such as Windows XP and Server 2003
- Block evasive protocols like Tor used for ransomware C&C and bitcoin payments
- Patch all platforms for MS17-010
- Disable SMBv1
- Make sure backups are separated and offline so they cannot be infected or encrypted
- If you have infected files, you can try to use a decryptor: https://www.nomoreransom.org/crypto-sheriff.php
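One way to verify the "Disable SMBv1" item above on a Windows host, as an added PowerShell example that is not iboss or Microsoft tooling: it reports the SMBv1 server, client-driver and optional-feature state and, when asked, turns off the SMBv1 server. The function name Get-Smb1State and the -Remediate switch are hypothetical names chosen for this example; the cmdlets and registry paths are the standard Windows ones.

```powershell
# Added example: audit (and optionally disable) SMBv1 on the local host.
# Run from an elevated PowerShell prompt. -Remediate is a hypothetical switch.
param([switch]$Remediate)

$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$mrxsmb = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'

function Get-Smb1State {
    # Server side: cmdlet on Windows 8 / Server 2012 and later, registry on older systems.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $server = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # No SMB1 value present means the default, which is enabled.
        $v = (Get-ItemProperty -Path $lanman -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $server = ($null -eq $v) -or ($v -ne 0)
    }

    # Client side: the mrxsmb10 driver is disabled when Start = 4, absent when removed.
    $drv = Get-ItemProperty -Path $mrxsmb -Name Start -ErrorAction SilentlyContinue
    $client = ($null -ne $drv) -and ($drv.Start -ne 4)

    # Optional feature state, where the DISM cmdlets and the feature name exist.
    $feature = 'n/a'
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        $f = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        if ($f) { $feature = [string]$f.State }
    }

    New-Object psobject -Property @{
        ComputerName      = $env:COMPUTERNAME
        ServerSmb1Enabled = $server
        ClientSmb1Enabled = $client
        OptionalFeature   = $feature
    }
}

$state = Get-Smb1State
$state | Format-List ComputerName, ServerSmb1Enabled, ClientSmb1Enabled, OptionalFeature

if ($Remediate -and $state.ServerSmb1Enabled) {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # Windows 7 / Server 2008 R2: the registry change takes effect after a restart.
        Set-ItemProperty -Path $lanman -Name SMB1 -Type DWord -Value 0 -Force
    }
    Get-Smb1State | Format-List ComputerName, ServerSmb1Enabled, ClientSmb1Enabled, OptionalFeature
}
```

Run it without the switch first to inventory hosts; a machine that still reports ServerSmb1Enabled or ClientSmb1Enabled as True after remediation needs a restart or a follow-up check of legacy devices that depend on SMBv1.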
Chris Park brings over 13 years of technology experience in corporate network security to his position as CIO, where he is responsible for creating and driving the company’s IT strategy. As the resident expert in all aspects of iboss solutions and infrastructure, he is responsible for iboss’ entire IT operation, including network and system engineering, front-end development, data center operations, and customer service and support.