How did you fare with what is known as the biggest ransomware attack in history? The good news is that none of our clients have reported any infections. FedEx, government entities, hospitals, cloud environments that affect thousands of users right down to home users had their files locked up recently with a ransom note on them. Some articles say it was an XP vulnerability, an email attachment, an infected website, unpatched computers and servers, or a port used for Windows servers to communicate to network computers. For clarification, this virus does not just affect XP. And, if you are on XP, you should phase it out quickly because it’s an electronic petri dish waiting to attract a bug to infect everything else on your network. The common theme seems to be that once it infects a computer on a network that it goes from computer to computer if it is able to. This is what classifies this virus as a worm which is pretty serious. It tries to manifest though networks from an infected computer or server, but also tries to do the same thing on the internet by scanning IP addresses and looking for a way in.
The vulnerability has been around for quite some time and was known by the NSA before it was leaked into the wild. Once that occurred a few weeks ago, Microsoft released a patch to fix the problem so that any attempts to exploit it would be benign. If you update your Windows patches regularly, then there was no need to worry. I know it’s hard to believe, but some people prefer not to install any updates when they shut down because it can take a lot of extra time to install them. Keep in mind that whenever a Windows patch is available it means that Microsoft identified a hole in their software. They have to release notes on what the patch will fix. If you are a hacker, you read the whole whitepaper and get to work to write code that will breach it. If exploited, you might see an attachment in your inbox soon after or other methods can be employed to deliver it to your system. The odds are very good that most computers will not have the patch installed for weeks or even months because it’s time out of our day. Like complex passwords, it’s just not convenient but it sure is important. It’s also crucial that when updates are installing that if you force a shutdown of your computer, there is a high likelihood that it will corrupt Windows and damage your files. If it’s installing updates, let it run as long as it needs to unless you like to see our smiling faces on site.
So what are the basic security tools that you need to protect yourself from these types of threats? It’s the same thing you have heard from the IT department for as long as there was such a department:
• Backup – most important, and last line of defense. Without it, pay your ransom!
• Firewall – it helps keep internet cooties out.
• Operating system patching – this closes holes that are discovered from time to time and is usually discovered when someone else gets infected.
• Antivirus – stops many (but not all) threats at the PC level, if they get past the firewall and patching.
Over the last 13 years, Eagle Network Solutions has come into contact with many different threats as well as products that mitigate these threats. Naturally, there are varying degrees of security and like many other things your business needs, you can economize at your own peril, but you can also overspend and still have a problem. The right mix is worthy of a conversation that takes your environment into account, but you have to have the 4 pillars above no matter what. We look for ways to apply security that do not factor in humans that need to be reminded to do things at a certain time, and we also insist on using products that integrate with our monitoring system and billing system. If there is a problem, we want it to open a ticket rather than turn on a red light somewhere that we were supposed to check. Wouldn’t you like to hear that because you were on a maintenance contract with us that there was no reason to worry about the Wannacry virus as of about a month ago because patching on your devices was already done? Or, that we saw an attempted breach via a ticket that our managed antivirus created but that it was quarantined and mitigated before you even knew it?
Viruses don’t morph on their own like they do in the body – variants are created by hackers top get around patches and because of that, these incidents will continue and will probably make bigger headlines. Over the last 4 years, ransomware has been a billion dollar business and the criminals never seem to be caught. Cryptocurrency such as Bitcoin keeps their lucrative revenue stream safe and they leave almost no digital footprints, so they have no reason to stop the practice. All the recommendations I mentioned above can still be circumvented. It’s necessary, but security is always one step behind the developer of the malicious code. The most important defense is a working backup if all else fails.
There are other best practices that we can recommend based on your business that can help protect your network and data from these types of viruses, but being vigilant and erring on the side of caution is still the rule of thumb. If you are not sure about a link or attachment, don’t open it. Pick up the phone and verify that it really came from the person you thought it came from or call our help desk if you are not sure. A quick call could save days of downtime. We also have a one page basic network security guide that illustrates basic security and the pros and cons of each. Security is a balance between safety and convenience. Not all of our clients will implement all of our recommendations, but 4 days after the worst ransomware attack in world history, none of our clients fell prey to it.
If you would like to discuss your network security further or have questions, please give us a call or email us at firstname.lastname@example.org.