Ransomware is an aptly named type of malware that uses encryption to block victims from accessing their data until a “ransom” is paid. Ransomware is not a new practice – it’s been around since 2005 according to Wired – but developments in ransom cryptware have made these attacks easier for hackers to execute. In 2015, the FBI warned that ransomware activity was on the rise, and last month, a strain of ransomware called WannaCry hit more than 200,000 systems in 150 countries, affecting large organizations like National Health Service hospitals in England and Telefonica in Spain.
The WannaCry strain spreads via Server Message Block (SMB) using a Microsoft Windows vulnerability. Microsoft addressed this vulnerability by releasing the MS17-010 patch in March, but some organizations still have not updated their systems. Once it infects a network, WannaCry encrypts all files it has access to and attempts to delete all shadow copies, making affected files even more difficult to recover.
Following a high-profile ransomware attack like WannaCry, it’s not unusual to see outbreaks from various copycat strains. It’s important to stay vigilant against attacks. Although WannaCry is a particularly vicious ransomware strain, there are steps you can take to guard against similar attacks. Here are five things you can do today to protect yourself:
- Don’t click on links or open attachments from people you don’t know. Ransomware can spread through infected email attachments or malicious websites.
- Employ company-wide antivirus and threat detection services. Some advanced spam filtering services have features that can protect against malicious links sent through email. The URLs in a message are rewritten to point your browser to the filtering service. The service then analyzes the site in real time and blocks you if it’s malicious or transparently redirects you to the site if it’s safe.
- Patch your servers and workstations regularly. Develop a patching program and methodology that allows patches to be deployed within company policies. Generally, critical patches should be applied within 30 days of release. If you are unable to patch your systems (for reasons such as application compatibility), ensure those systems are adequately protected using additional measures such as network isolation and application whitelisting.
- Lock down network resources. You can also minimize your risk of attack by limiting who can access data. Secure your file shares by granting access only to those who need it. From a networking perspective, network access should be limited to what is necessary, both internally on your corporate LAN and externally from the Internet.
- Review your backup strategy. It’s nearly impossible to guarantee your organization won’t be hit by a ransomware attack. However, you can curtail potential damage by ensuring all your critical data is included in your backup jobs and maintaining multiple copies of important files – including one that is completely offsite. In addition, review and verify versioning and retention policies for SaaS such as SharePoint Online, OneDrive for Business, and Exchange Online.
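The link rewriting described in the antivirus and threat detection item above, sketched as an added example (not code from this article or from any vendor). The gateway URL, signing key and blocklist are constructed assumptions, and the blocklist stands in for real-time site analysis.

```python
import base64, hashlib, hmac, re
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Every name and value here is an assumption made for illustration.
GATEWAY = "https://linkcheck.example.invalid/v1"  # hypothetical scanning service
KEY = b"constructed-demo-key"                     # constructed per-tenant secret
BLOCKLIST = {"malicious.example"}                 # stand-in for real-time analysis
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def _sign(url: str) -> str:
    # MAC over the original URL so only links the filter rewrote are honoured.
    return hmac.new(KEY, url.encode(), hashlib.sha256).hexdigest()

def rewrite_url(url: str) -> str:
    token = base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")
    return f"{GATEWAY}?u={token}&s={_sign(url)}"

def rewrite_body(body: str) -> str:
    # Mail-filter side: replace every link before the message is delivered.
    return URL_RE.sub(lambda m: rewrite_url(m.group(0)), body)

def handle_click(rewritten: str) -> Tuple[str, Optional[str]]:
    # Service side, at click time: verify, analyse, then block or redirect.
    query = parse_qs(urlsplit(rewritten).query)
    token, sig = query.get("u", [""])[0], query.get("s", [""])[0]
    try:
        url = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4)).decode()
        host = (urlsplit(url).hostname or "").lower()
    except ValueError:  # bad base64, bad UTF-8 or unparsable host
        return ("reject", None)
    # Without this check the service is an open redirector for any URL.
    if not hmac.compare_digest(sig.encode(), _sign(url).encode()):
        return ("reject", None)
    if any(host == d or host.endswith("." + d) for d in BLOCKLIST):
        return ("block", url)
    return ("redirect", url)

if __name__ == "__main__":
    # Constructed sample message body.
    body = "Invoice: http://cdn.malicious.example/inv.html or https://intranet.example.org/policy"
    for link in URL_RE.findall(rewrite_body(body)):
        print(handle_click(link))
```

Because the verdict is made when the link is clicked rather than when the mail arrives, a site that turns malicious after delivery is still caught.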
Although it doesn’t appear these types of attacks will go away anytime soon, organizations don’t need to feel helpless against them. By following the pointers above, you can reduce your chance of being targeted by ransomware. For more information on ransomware attacks and how to prevent them, visit Microsoft’s Malware Protection Center.