#WANNACRY: A Happy Accident Is ‘Holding Back The Tears’ – For Now

An unfortunate truth about computer security is that would-be hackers only have to be lucky once, but data security specialists have to be lucky always.

Today, it’s looking like we’re very lucky indeed – if only for the moment. If you’ve been following the stories (and the near-panic) surrounding the #WannaCry ransomware attack and have been concerned about your own systems’ potential vulnerability, the good news is that a British malware specialist’s quick thinking and good luck seem to have bought you some time.

For those who don’t know, #WannaCry is a particularly malignant bit of malware currently being spread through some highly sophisticated phishing emails. When these are read and acted upon, they trigger the download of an application that proceeds to encrypt a computer’s contents and demand a 300 Euro ($329) ransom, payable in Bitcoin, for the favor of decryption.

Here’s what’s made #WannaCry really worth crying about. Firstly, the phishing emails leading users to inadvertently download it are highly polished, usually appearing to come from trusted associates and credible companies (one victimized company, DocuSign, has provided a guide to distinguishing its genuine messages from the malicious fakes). Secondly, the hackers have evidently used a trove of stolen U.S. government spying tools to ease the malware’s spread – and help it to evade even sophisticated corporate security measures.

Microsoft has blamed the NSA’s creation of, and subsequent loss of control over, these tools for #WannaCry’s success in exploiting a Windows vulnerability and skirting robust security systems. And let’s face it: No matter how good a given vendor’s security systems are, an NSA-sponsored hack is likely to get past them. That’s just what happened as #WannaCry started cutting a swath across European, Russian and Asian networks beginning late last week. While it had also cropped up in various US locations, notably FedEx, it was thought that Monday morning would have brought its full force to bear upon American systems and users.

By now, many of us would have been screaming at our PCs and reaching for our credit cards – were it not for some quick and lucky moves by an English security guru going by the name of MalwareTech. In examining the phishing emails’ code, MalwareTech found a reference to a scrambled (and unregistered) domain name buried in its inner recesses. As it turns out, this had been inserted as a “kill switch” designed to stop the emails’ spread if its author decided to; once authenticated as “valid,” the emails would stop reproducing and re-sending themselves on infected computers. MalwareTech registered the domain name, and bingo – the emails stopped, and the large-scale assault on American networks didn’t happen.

More correctly, though, it didn’t happen yet. As MalwareTech pointed out, the hackers behind #WannaCry need only modify the code slightly to bypass the kill switch and resume the attack. As of Monday morning, some experts say they’re already seeing some modified emails starting to spread in the wild. That means that if you’ve been spared so far, it isn’t the time to press your luck: Make sure that your systems are protected immediately, if not sooner. Start by following Microsoft’s guidance, and install all applicable patches for the systems you’re using. Microsoft has even taken the extra step of providing patches for legacy products such as Windows XP, Windows 8, and Windows Server 2003.

So if the ‘bad guys’ are growing increasingly sophisticated and the threat they pose is growing more severe, what do you do? Red Level has a few recommendations:

  • Apply patches and updates. Ensure that systems are up to date and that all software updates are installed.
  • Double-check email addresses. Watch for unfamiliar names and domains, as well as ‘spoofed’ accounts pretending to be trusted contacts.
  • Think before clicking. Don’t click or download suspicious or unexpected attachments, or visit unfamiliar links.
  • Use proactive protection. Install and use the latest antivirus and anti-malware software available.
  • Keep regular backups. Maintain a regular offsite backup schedule and implement a disaster recovery plan.
  • Modernize your server. Upgrade server operating systems to Windows Enterprise Server.
  • Talk to us. Red Level can develop a comprehensive plan to protect your users, customers, systems and data.

We may have been lucky this time, but luck won’t hold out forever. Data security experts around the world are taking this threat especially seriously. We certainly are, and we think you should, too. #WannaCry marks the beginning of a threatening new era in malware, and it’s pretty clear that we have to be ready to respond quickly if we want to keep luck on our side.
