WannaCry Ransomware Protection and Countermeasures - iCorps
You may have seen the news that a massive ransomware attack, spread via email, infected systems in as many as 99 countries including the U.S. Ransomware is software that encrypts victim’s data and demands a ransom to unlock it. The attack has locked up over 75,000 computers and caused major IT disruptions for major organizations across several industries. We’d like to explain how this attack – WannaCry Ransomware – spread and what countermeasures are available to provide ransomware protection for your organization.
How did this happen?
This particular ransomware variant takes advantage of a vulnerability, or flaw, in Microsoft operating systems including both desktop and server operating systems. While Microsoft released a patch to fix this flaw on March 14, 2017, some systems still remained unpatched for various reasons. This attack was able to infect systems that did not have the March 14th patch applied. By a stroke of luck, a UK-based company by the name of MalwareTech was able to shut down the WannaCry operation, at least temporarily. However, if businesses were already infected prior to MalwareTech's effort, they may be out of luck.
If your business was affected by the WannaCry ransomware attack, contact us for support.
Patching: iCorps takes patching seriously and prioritizes patches when they are released. If iCorps does not manage your patches or you are on a patching cycle that would not include the March 14th patch, we highly recommend patching your systems now. Please contact your consulting team if you need assistance. iCorps helps clients implement technology such as Microsoft’s Enterprise Mobility + Security that enables organizations to streamline patching. Again please contact your consulting team, if you’d like to learn more.
Managed Security: For those of our clients utilizing our Managed Security service, our partner SonicWALL released a signature in April to protect against this threat. iCorps provides endpoint protection through this managed service.
Up-to-date operating system: Updated Windows 10 systems were not impacted by this attack. Additionally, any clients on Windows 10 Enterprise have the added benefit of Advanced Threat Protection (ATP) which is immune from this type of threat as well as having built-in zero day countermeasures (important to protect against some of the most dangerous threats).
Data backup: For those of our clients utilizing our iCorps Guardian (data backup and disaster recovery service) you can rest assured that your data and systems are backed up. Having this safeguard in place would allow you to bypass the ransomware altogether and allow iCorps to get your IT systems back up and running within hours.
iCorps considers cybersecurity to be of utmost importance for its clients and takes these types of events seriously. This week we will also be providing steps on how to protect your organization from spear phishing email attacks. If you have any questions about the countermeasures explained above or the ransomware attack, contact us. We are happy to answer any questions or work with you further to improve your company’s security posture.
FBI Announcement - Indicators Associated with WannaCry Ransomware
Beware of These 6 Ransomware Tactics and Cyber Scams
Tips for Protecting Yourself Against Ransomware
The Business Guide to Ransomware