Earlier this month, a strain of ransomware infected more than 300,000 Windows PCs around the world. The awesomely named WannaCry strain demanded that infected businesses and individuals pay $300 in order to unlock each machine—as well as the data stored on their devices. Some people paid the ransom, while others were lucky enough to wait it out and be rescued by a hero who accidentally stopped the attack by registering the unregistered domain on which the ransomware lived.
Now that the attack has been thwarted, it appears that new WannaCry variants are emerging, and a massive, unrelated ransomware attack hit Eastern Europe. As ransomware attacks become trickier and more difficult to stop, your company is more likely than ever to be at risk. As a result, we've compiled this list of post-mortem steps on what happened, how you can protect your business and yourself, and what you should do if you fall victim to an attack.
Image Via: Statista
1. Be Defensive
You're going to need to be smarter about which emails you open, which links you click, and which files you download. Phishing attacks are common and they're easy to fall victim to. Unfortunately, WannaCry wasn't your typical phishing attack. Instead, this attack exploited a Windows vulnerability, one that had already been patched by Microsoft earlier this year.
So, how did it get through? You know those annoying pop-up notifications that software manufacturers send to your computer? They're not just alerting you to new features; they're adding patches to your software that will help to protect against attacks like WannaCry. The same goes for your endpoint protection software. If your vendor asks you to update, then update. In this case, it appears the attackers were able to penetrate systems that had not recently been updated and, as a result, hospitals were crippled and lives were put in jeopardy (more on this later).
"The global fallout of this attack could have easily been prevented by deploying the security update once it was made available by Microsoft," said Liviu Arsene, Senior E-Threat Analyst at Bitdefender. "The lesson to be learned from this experience is to always apply security patches and updates when they become available, not just for operating systems but for applications as well. Of course, a security solution might prevent the payload—in this case, ransomware—from infecting victims. But more advanced and sophisticated threats could potentially leverage the operating system vulnerability to gain persistency and bypass traditional security mechanisms undetected."
2. Back that Cache Up
The worst thing about an attack of this variety is that it takes your data hostage. However, the responsible among us don't need to worry about this very much because they have been using disaster recovery (DR) software to ensure that their information is alive and well in the cloud. If you wind up getting hit with a ransomware attack, then having access to your full trove of data in the cloud means you can simply factory-reset your machine, pull in your backed-up data, and start working again.
Image Via: McAfee
3. Don't Pay, Silly
As much as you'd like to retrieve your unfinished screenplay, paying hostage takers seldom works. Instead, contact the FBI and let them know you've become the victim of a cyberattack. If you desperately need your data and you don't have a backup stored elsewhere, then just sit tight and wait. And if you don't need your data, or if you have backed it up, then just reset your machine and start from scratch.
Whatever you do, don't pay. Here's why: There's a good possibility the hacker won't actually release your data. Now you're out $300 and you're still out of luck. Also, paying could actually expose you to additional risk because you've shown a willingness to give in to the hackers' demands. So, in the very best-case scenario, you've paid, gotten your data back, and given a criminal an incentive to try to attack you again in the future.
"No one is ever encouraged to give in to ransomware demands," said Arsene. "In fact, if no backups are available from which to restore lost data, companies or individuals should treat the incident as hardware failure and move on. Paying would only fuel cybercriminals with the financial resources to keep developing new threats. And there's no actual guarantee that you'll actually receive the decryption key. You are actually dealing with criminals here."
4. What You Should Do
As I previously mentioned, backing up your data and running a factory reset on your hardware will let you walk away from a ransomware attack without having experienced much real damage. Here's a step-by-step procedure for what to do when that ransom note hits your screen:
1) Unplug your computer and disconnect it from its network.
2) Fully wipe your device and restore it from a backup.
3) Install all security patches and updates and add a security solution like Bitdefender to your software mix.
4) Contact the FBI.
5. Businesses Must Get Serious
"There are security layers that companies can deploy to protect infrastructures from zero-day vulnerabilities in both operating systems and applications," said Arsene. Arsene recommends organizations running virtual infrastructures deploy a hypervisor-based memory introspection technology that's capable of securing virtual workloads.
"This new security layer that sits below the operating system can detect zero-day vulnerabilities, like the SMB v1 vulnerability leveraged by WannaCry, and prevent attackers from ever exploiting it, even if the system is unpatched or the vulnerability is completely unknown," Arsene explained. "This complementary security layer, coupled with traditional in-guest security solutions and constant software patching, increases the cost of attack for cybercriminals while giving organizations more visibility into advanced attacks."
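The patching advice in section 1 and the SMB v1 vulnerability Arsene mentions here both come down to one question a Windows administrator can answer on each machine: is SMBv1 still on, and is the fix installed? The script below is an added example, not code from the article or from Bitdefender. It uses the standard `Get-SmbServerConfiguration`, `Set-SmbServerConfiguration`, `Get-WindowsOptionalFeature`, `Disable-WindowsOptionalFeature` and `Get-HotFix` cmdlets (available on Windows 8.1 / Server 2012 R2 and later) to report SMBv1 exposure, turn the protocol off, and check for a security update by KB number. The function names and the `Exposed` field are my own labels, and the KB number is a placeholder you must replace with the one Microsoft's bulletin lists for your OS version.

```powershell
# Added example (not from the article or Bitdefender): audit a Windows host for
# the exposure WannaCry used (SMBv1 enabled) and switch the protocol off.
# Run from an elevated PowerShell session on Windows 8.1 / Server 2012 R2 or later.
#Requires -RunAsAdministrator

function Get-Smb1Exposure {
    # Server side: is SMB1 enabled on this host's file server?
    $server = Get-SmbServerConfiguration
    # Component view: is the SMB1 feature installed at all?
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $server.EnableSMB1Protocol
        Smb1FeatureState  = if ($feature) { $feature.State.ToString() } else { 'Unknown' }
        # 'Exposed' is a label constructed for this example, not a Microsoft field.
        Exposed           = [bool]$server.EnableSMB1Protocol
    }
}

function Disable-Smb1 {
    # Turn SMB1 off at the server; -Force suppresses the confirmation prompt.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # Remove the component so it is not casually re-enabled (a reboot may be required).
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
}

function Test-SecurityUpdateInstalled {
    # $HotFixId is the KB number for your OS from Microsoft's bulletin, e.g. 'KB<number>'.
    param([Parameter(Mandatory)][string]$HotFixId)
    $null -ne (Get-HotFix -Id $HotFixId -ErrorAction SilentlyContinue)
}

# Usage: report, then remediate if SMB1 is still enabled.
$state = Get-Smb1Exposure
$state | Format-List

# Replace the placeholder with the KB number Microsoft lists for this OS version.
$kb = 'KB<number-from-bulletin>'
if (-not (Test-SecurityUpdateInstalled -HotFixId $kb)) {
    Write-Warning "$kb is not installed on $($state.ComputerName); run Windows Update."
}

if ($state.Exposed) {
    Write-Warning "SMBv1 is enabled on $($state.ComputerName); disabling it."
    Disable-Smb1
}
```

Disabling SMBv1 is a mitigation, not a substitute for the update: a patched host with SMBv1 on is still reachable over a protocol that has had other flaws, and an unpatched host with SMBv1 off is still vulnerable if someone re-enables it, so run both checks and feed the output into your inventory rather than trusting a one-time run.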