Last week saw a massive outbreak of malware targeting Windows PCs. You probably heard something about this, but the details were frequently overshadowed by the more sensational aspects of the story (hackers called Shadow Brokers, an NSA exploit, 90+ countries affected, etc.). We wanted to take a moment to explain what happened and what you can learn from it.
This Wasn’t Regular Ransomware
If you’re not familiar with the basics of ransomware, you should check out our blog or video on how it affects small business. That’s important, because unlike normal ransomware, WannaCrypt (also known as WannaCry, WanaCrypt0r, WCrypt, or WCRY) doesn’t require you to download, open or click on anything to be infected.
WannaCrypt can spread this way because it used publicly available exploit code (known as EternalBlue) that was originally developed by the NSA. The original hackers deployed malware targeting Microsoft servers that took advantage of this exploit. The malware then installed an NSA backdoor on vulnerable machines, and WannaCrypt was delivered through that backdoor.
Windows 7 and Earlier At Risk
The exploit code used by WannaCrypt was designed to work only against unpatched Windows 7 (and earlier) PCs and Windows Server 2008 (or earlier) systems, so Windows 10 PCs are not affected by this attack. You’re also covered if you’re using a SonicWall.
The patch for this issue was released on March 14th, 2017, almost two months before last week’s attacks. If you’ve upgraded to Windows 10 or have been staying up-to-date on your Microsoft updates, you are not at risk.
Keep Your Patches Up to Date
If you haven’t installed the security update MS17-010, do so as soon as possible. (Contact Prophet if you need help with that.) If you’re still using a Windows XP machine anywhere on your network, you should deploy the – highly unusual – security patch Microsoft released on May 13, 2017. (Then you should draw up plans to retire that machine, as this won’t be the last vulnerability it will be susceptible to.)
If you don’t have a patching schedule or Managed Services, you should implement a monthly patching routine. Remember, the attack took place only two months after Microsoft patched this issue, so even a quarterly update schedule may not have kept you up to date.
WannaCrypt was, and will continue to be, a big story. The important thing to realize is that it was largely preventable by following simple security best practices.