How to Prevent Current Security Threats: WannaCry and Petya

The number of security threats to your IT infrastructure increases every day. These threats come in several varieties, including spyware and denial-of-service attacks. From email to firewalls, every system needs to be secure for your business to run efficiently. Maintaining constant security is an everyday struggle, but having strict controls and companywide procedures can ensure smooth operations throughout.

New threats are sophisticated, and their aggressive code can infiltrate even the most secure systems. Among the most common and most dangerous are those that fall into the ransomware category. These can wreak havoc on a single system or an entire corporation’s infrastructure. Ransomware is particularly malicious because it can cripple a computer with no cure except restoring from a complete image or backup: your hard drive and/or its contents become encrypted with little to no chance of recovery. Two recent examples of note are WannaCry and Petya.

What is WannaCry?

This ransomware appeared in May of 2017. Its name has several variations, including WannaCrypt. It swept through computers around the world in the first few days following its release. WannaCry, initially spread via email, exploited a vulnerability in the Microsoft Windows SMB (Server Message Block) protocol. Patches for this exploit, more specifically called EternalBlue, were released by Microsoft a couple of months prior to the initial attack, but several systems were unpatched and therefore compromised. Once the attack was identified and patched, the spread significantly weakened. Variations of the ransomware have been introduced, and unpatched systems remain vulnerable.

What is Petya?

Petya appeared in early 2016 and was primarily spread through the same vulnerability as WannaCry, the Microsoft Windows SMB protocol. The viciousness of this ransomware is found in its ability to encrypt an entire hard drive through the master boot record (MBR). Its ability to spread has been described as more effective than WannaCry's; however, it primarily attempts to spread within an internal network rather than externally. The same patches Microsoft released (as explained above) apply to this threat. Variations that use similar operations and payloads continue to proliferate.

How to Protect your Business from WannaCry and Petya

Preventing threats like these is difficult, especially given their ability to propagate like wildfire. The good news is that the Microsoft patches for the specific vulnerabilities were available well ahead of time. A key component of any structurally sound information security policy is staying up to date with security-related updates, patches, and upgrades.

Automatic Updates – Microsoft, for example, has long had automatic updates for its desktop and server environments. Unfortunately, many companies will forgo automatic updates to maintain the status quo if the systems they control are functioning and the employees/management are productive and satisfied. Also, with automatic updates comes the chance that a third-party program, an associated service, or some previously unknown change will negatively affect the current working environment. This can cause headaches for all involved and can be time-consuming to revert or to investigate and correct.

Company Wide Security Policy – A solid defense against WannaCry and Petya, for example, is a solid, companywide security policy. The policy should encompass standards, such as passwords and permissions, but also the more technical IT-related items such as patches and updates. The whole of management should be aware of the importance and effectiveness of automatic updates. Your policies and procedures should emphasize the importance of prevention over reaction to a ransomware infection.

Additionally, best practices should ensure that backups, images, and procedures are in place so systems can be quickly and easily returned to working condition and secure information is not compromised. Preparing backups and images can be time-consuming, but these can ensure business continuity, a prime function of management and necessary for business success.

Here is a link to Microsoft’s Security Bulletin: https://technet.microsoft.com/library/security/MS17-010

ConnectOn can help put proper security procedures and solutions in place to protect your business. Contact us for more information!