The ransomware, nicknamed ‘WanaCrypt0r,’ (now more commonly known as WannaCry) spreads rapidly by exploiting a Windows vulnerability in the Windows Server Message Block (SMB) service, which Windows computers use to share files and printers across local networks. As of today, it has impacted 150 countries worldwide, most notably the UK’s National Health Service (NHS), Spain’s Telefonica, and FedEx. As the attack happened on a Friday, when most of the world leaves work early, we predict today will be another wake up call for those that fail to monitor cyber security and proper backups over the weekend. The attack has been mitigated by a small team of researchers looking at the code and registering the domain. While this has momentarily halted the attackers, they could easily rewrite and relaunch by changing the domain listed in the code. Result? A never ending game of cat versus mouse, cops versus robbers.
But there is a light at the end of the tunnel. These attacks aren't exploiting anything new, or groundbreaking. Microsoft has patched the vulnerability and, of course, released the patches for free. Microsoft has even gone a step further and released a patch for systems not in support: Microsoft Patch. This is actually pretty rare for a tech giant. Despite the action by Microsoft, there are still quite a few other things you should do to protect yourself during this extremely susceptible time:
- Disabling SMBv1 is not required by your internal systems. See this Tech Article by Microsoft: Disabling SMBv1
- Block SMB from the firewall
- If possible, isolate all legacy operating systems (Windows XP and below) from the network
- Notify your workforce of the potential for malicious email attachments, do not download from unknown sources
- Run a malware/antivirus scan – specifically looking for WanaCrypt0r (the variant will look different depending on your antivirus program)
The point of this article is not to make you fearful of this attack, but to educate you on the importance of patch management and proper backups. You control what happens next. Even if you're dealing with this cyberattack right now, don't concede to the demands. The more we bend to hacker groups, or glorify their attempts, (which is why we excluded their name from this article) the more attacks we will see. Remember, IT Managed Service Providers like us are here to assist and lend a helping hand. Hostway is here to act as your shield and armor; talk to us today and see how Hostway can defend you with an always secure, always available, cost effective solution.
Call (+1.866.680.7556) or chat now.