Someone once asked Willie Sutton why he robbed banks, to which he responded, “that’s where the money is.” With the increased sophistication and ease of ‘scalable exploitivity,’ ransomware is not only here to stay, but it will continue to become the most pervasive threat to our systems, networks, and data. The latest WannaCry ransomware that hit thousands of computers last week was the perfect storm, formed by taking advantage of a known vulnerability and combining it with human fallibility, which made it wildly successful and most likely yielded a bankload of money for the attackers.
How did this happen, and why will it continue to happen?
Vulnerabilities happen. Attackers are constantly looking for weaknesses in systems, networks, and software. In this case, compliments of the National Security Agency (NSA) losing a small war chest of exploits, the bad guys were able to build attack tools that specifically took advantage of these vulnerabilities. WannaCry exploited a vulnerability in Microsoft Windows that was identified by the NSA and leaked to the public by the hacker group known as The Shadow Brokers in April, according to several cybersecurity experts. This blog post is not about looking under the hood to dissect the particular technical weaknesses that led to this exploit; instead, it is about the process behind what the industry and potential victims need to do.
Now onto the vulnerability in question…
Soon after the NSA leak of the vulnerability was made public, Microsoft reacted quickly and strongly by issuing a patch to address it. The problem is that many individuals don’t think about automatically applying those updates (I bet many of those affected by WannaCry will do so in the future!) when it is such a simple thing to do. Businesses, on the other hand, have a larger challenge. We have worked with hundreds of clients over the past couple of decades, and vulnerability management and patching are always a difficult challenge. Patching equates to downtime (maintenance windows), additional work (patches must be tested to make sure they don’t break the apps), or even risk (applying the patch may break something in our systems). That said, it should still be a no-brainer to automatically push patches to desktops/laptops in near real-time, as these devices (and their users!) are the ones commonly attacked by ransomware.
The second half of the equation here is the ‘carbon’ half – the users – and this means you. When I used to ride a motorcycle, part of my awareness was that every person in a car was out to kill me. Now, while emails may not kill you, a bad one certainly may make you WannaCry. That said, you should be constantly vigilant about EVERY email you receive, even if you receive hundreds a day. It just takes one to wreak havoc. Whenever you see a link or an attachment in your email (or text message, or social media, etc.), your immediate reaction should be to NOT open it, no matter how enticing. Don’t fall for it. Anything that is too good to be true probably isn’t true. Anything that sounds more threatening than it should be (e.g. ‘you owe taxes’) probably isn’t threatening at all, and anything that sounds like it’s more helpful than it should be (‘your package has been shipped, here’s the link’) probably isn’t going to lend you that helping hand. Don’t take anything for granted.
For the most part, the Internet is a peaceful happy place and our lives have become irrevocably intertwined through our connections to each other over the Internet. But that also means that there will continue to be many out there looking to make a quick buck at our expense. And while this attack was successful many thousands of times, it was also NOT successful millions of times over where individuals and businesses alike applied patches in a timely manner or where there was enough awareness to simply not click that link.
Ransomware will continue to grow as a real and immediate threat – the more proactive (patching) and vigilant (awareness) you are, the less chance you end up shedding a tear about being that next victim.