5 Ways To Beat The WannaCry Ransomware Attack
Stopping The Threat
The massive ransomware attack known as WannaCry has infected computer systems in 150 countries since Friday, according to the BBC. Cybersecurity firm Kaspersky Lab says at least 200,000 computers have been crippled, with healthcare systems and telecom companies among notable victims. The attacks have involved a demand for a Bitcoin payment, equal to $300, in order to unlock computer systems. In response, a number of cybersecurity experts are offering advice on how to protect against WannaCry.
Here are five steps to take to defend against the WannaCry ransomware attack.
Patch Everything
The place to start is with patching Windows machines immediately, according to cybersecurity firm Cybereason. In March, Microsoft patched the vulnerability targeted by "Eternalblue," an NSA-derived exploit that researchers say is the likely culprit in WannaCry.
Specifically, the attack exploits a flaw in the Server Message Block in Windows, which can enable remote code execution, Cylance said. Organizations that are behind on patches or running legacy operating systems, such as Windows XP, are vulnerable unless updates are made, Cylance noted. Microsoft is offering a rare patch for Windows XP in response to WannaCry.
Security experts say that along with patching the operating system, organizations should also patch third-party applications to secure against the ransomware attack.
Back Up Your Data
Organizations should make regularly updated file backups, and those backups should go to storage devices that are not continually connected to the organization's computers, according to Kaspersky Lab. Having current backup copies means that "an encryptor infection is not a catastrophe," the company said. "You can spend a few hours reinstalling the operating system and apps, then restore your files and move on."
Check Firewall And Email Security
Security awareness training firm KnowBe4 suggests that organizations should check their firewall configuration to ensure that, if criminal network traffic does get into their systems, that traffic won't be allowed out. Organizations should also disable SMB1 (version 1 of the Server Message Block protocol, which contains the exploited flaw), the firm said.
Meanwhile, organizations can also lessen their chances of infection by installing a secure email gateway product, which filters URLs, KnowBe4 said.
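For administrators acting on the SMB1 advice above, the following PowerShell audit is an added example, not code from KnowBe4 or any other firm quoted here. It reports whether the SMB1 server is enabled on a Windows host, including older systems that lack the newer cmdlet; the function name Get-Smb1ServerState is hypothetical, and the script assumes it is run from an elevated prompt.

```powershell
# Added example: report whether the SMB1 server is enabled on this host.
# Get-Smb1ServerState is a hypothetical helper name, not a built-in cmdlet.
# The script only reports; the remediation commands are left commented out.

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later expose the setting via a cmdlet.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $cfg = Get-SmbServerConfiguration
        return [pscustomobject]@{
            Source      = 'Get-SmbServerConfiguration'
            Smb1Enabled = [bool]$cfg.EnableSMB1Protocol
        }
    }

    # Older systems: the server setting lives in the registry.
    # A missing SMB1 value means the default, which is "enabled".
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return [pscustomobject]@{
        Source      = 'Registry: LanmanServer\Parameters\SMB1'
        Smb1Enabled = ($null -eq $val) -or ($val -ne 0)
    }
}

$state = Get-Smb1ServerState
$state | Format-List

if ($state.Smb1Enabled) {
    Write-Warning "SMB1 server is enabled on $env:COMPUTERNAME."
    # Remediation on Windows 8 / Server 2012 and later:
    #   Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # Remediation on older systems (restart required afterwards):
    #   Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
    #       -Name SMB1 -Type DWORD -Value 0
} else {
    Write-Output "SMB1 server is disabled on $env:COMPUTERNAME."
}
```

Disabling SMB1 can break file sharing with legacy devices that speak no newer SMB version, so check for such dependencies before applying the commented remediation across a fleet.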
Detect And Remove
There are a number of tools available for detecting ransomware, both in cases of a local infection and in its attempts to spread across a network. Some tools are also able to automatically prevent file encryption. In the event that a ransomware infection does occur, organizations should wipe affected machines and re-image from bare metal, according to KnowBe4.
User Education
Cybersecurity experts say that ransomware attacks can be propagated in many of the same ways as other cyberattacks — including through phishing emails, infected banners and social engineering. Organizations should emphasize (or re-emphasize) the need to avoid suspicious links, email attachments and suspicious software, Cybereason notes. Organizations might also consider security awareness training such as social engineering simulations, KnowBe4 said.