Earlier this month, the WannaCry ransomware took the world by storm. And not in the fun "Beatle-mania" way, in more a "Mount Vesuvius" way. What is WannaCry? What can your organization to do protect itself from future cyberattacks?
What is WannaCry?
WannaCry uses the EternalBlue exploit to enter Windows machines and servers and encrypt their data. This exploit had been identified and made by the NSA. The NSA informed Microsoft of this risk in March. The March 14 standard security update contained a patch for this risk. Unfortunately, Microsoft has not included Windows XP and Server 2003 patches since 2014. A hacker group, Shadow Brokers, released the EternalBlue exploit to the public on April 14th.
This is how whomever is responsible for WannaCry got their hands on it for the May 12 attacks. The millions of Windows XP machines were vulnerable to infection until Microsoft's release of an emergency patch and the discovery of a kill switch. Still, over 200,000 computers and systems were hit, and there is currently not a reliable way to regain the data. The operators of WannaCry didn't leave a way to determine who paid the ransom and who didn't, so even paying the fine won't restore the data. A key has been made, but it only works on a fraction of machines.
As the spread of WannaCry slowed, questions over responsibility and blame became the new story. People wanted to know what the NSA thought it was doing. Who created the WannaCry virus? The question raised against Microsoft was why it didn't release the patch for its Windows XP with the rest, especially knowing how many XP users still exist around the world.
Firstly, Windows XP is a 16-year-old system. There have been 4 new operating systems since the release of XP. Secondly, Microsoft has been trying to move their XP clients to new systems since the release of Vista in 2008. Lastly, while they stopped providing free support for XP in 2014, they do offer custom support plans that cover old systems.
While it's fun to sit here and play the blame game, it doesn't really fix anything. We all have to accept that that this our reality now. Cyber crime is the new greatest threat to your company's security. So instead of looking back, we must look forward.
What can your organization do to protect itself?
Update Your Technology
The only way to protect your machine in this new reality of ransomware attacks is to keep updating your security and your software. I would love to sit here and tell all of our dear readers that you can use your favorite technology forever, that providers will never stop providing patches, so you will always be safe... But that's infeasible. Companies won't do it. The hesitation to update technology was the real exploit of this attack. The majority of victims were using an OS that is 16 years old. Updating your tech, especially in large organizations, can be an involved and costly procedure. That doesn't change the fact that in today's world, the hesitation to upgrade your company's tech could be the mark of death for your company's information.
Use Security Guidelines
You must also speak with your IT departments and work carefully to develop a plan to keep your information safe. Avoid emails from dubious addresses. Make sure that all members of the organization follow security protocol. Ensure passwords are varied and regularly changed. Back up your data, and store what you can in the cloud. This safeguards against attacks on or failures of any one machine. These protocols don't just protect your company from the anonymous hacker group, but from other unexpected moments.
To get started creating an up-to-date, secure intranet, talk to a SharePoint consultant today!