Weekend attacks of the ransomware WannaCry— aka WannaCrypt, Wanna Decryptor, WanaCypt0r—created a widespread panic Monday morning for about 230,000 users in 150 countries. European governments and business were affected most; a MalwareTech researcher contained it before it could impact the US to the extent it did overseas.
The impressive scale of the attack is unprecedented, and provokes finger-pointing and assigning of blame in the tech community. Narratives include:
- The NSA is at fault for stockpiling vulnerabilities it discovers. (Microsoft blog)
- Microsoft corporate greed motivates discontinued support for old systems. (NY Times)
- Hardware can’t keep up with software updates. (The Verge)
Meanwhile, mainstream news outlets are answering questions like: what is ransomware? How can I avoid ransomware? How much is a BitCoin?
We are firmly in buzzword status with ransomware as a term. Look at this ridiculous Google Trends graph.
Is anybody listening? Tips to avoid ransomware should be common knowledge by now, but there is apparent confusion around what it does. Let’s establish a sensible premise for answering a question like what is ransomware?
- Ransomware is a malicious file that locks users from endpoints and server data.
- Ransomware lockouts of this scale exploit known holes in operating system and server software.
- WannaCry is a “worm”-style malware that scans and spreads on a network by targeting vulnerable systems identified by signals in network protocol. (Cisco Talos blog)
- Ransomware files are often introduced to the network by humans, who get tricked into giving logon info, or by downloading a file they should not.
What Microsoft knew prior to the outbreak, and actions they advised:
- Microsoft learned of WannaCry exploits and issued a patch two months before the attacks.
- All current supported Windows versions – Windows 10, Window 8, Windows 7, Server 2016, Server 2012, Server 2008 – were availed to the update in March.
- MS availed the WannaCry as a Windows XP security update, and Server 2003 update—it is out of the ordinary for MS to patch out-of-support software.
Characteristics about how victims of the WannaCry treat security:
- In the UK, the Nation Health Service incurred 16 systems taken hostage. NHS had heavy use of Windows XP in its infrastructure; NHS heads decided to forgo upgrades and extended support in 2015 (Register)
- Russian computers are, by far, the most affected by WannaCry. Russia are the biggest purveyors of pirated Windows software, which is not patched by the company. (Media Piracy in Emerging Economies)
- Expired support or not, Windows XP is still widely used everywhere in the world—even in the U.S. The US Navy Windows XP support costs millions. Attackers put ransomware on City of Detroit servers running unsupported Windows XP.
Local TV news gets it right
Morning show anchors on TV news are providing sound advice on the topic for generalists. The kind of advice people responsible for big time networks ignored.
- Only use up-to-date operating systems on your computer
- Don’t open shady-looking e-mails; avoid downloading random files
- Make backups of your data; deploy backups to get rid of ransomware
Avoiding ransomware means taking responsibility
Love it or hate it, Windows licensing has one clear cut message: out of support software risks ransomware and other attacks. It’s the only straightforward part of the licensing process.
It is difficult to place the blame on anyone but the business or public entity that fails to keep licensing and security up to date despite months and years of warnings from the vendor (and me).
A business network setup must involve firewall protection, endpoint security software, and malware detection—a multi-layered approach to cybersecurity. Untrained users will click on anything; get them up to speed about how to sniff out suspicious links should it penetrate network defenses.
Tight budget? No excuse! Learn how to conduct free staff training for cybersecurity in your workplace.