At Sparkrock, we help nonprofit organizations continually leverage technology to deliver on their mission more effectively. However, the more you use technology to enhance productivity, the more vulnerable your organization becomes to threats such as malware attacks.
This past weekend, the most severe malware attack in 2017 took place. According to BGR.com, "This unprecedented malware attack began sweeping the globe late last week, and security researchers estimated that nearly 57,000 computers in more than 150 countries were infected by the end of the day on Friday. While the spread of this terrifying ransomware was slowed on Saturday, it was hardly stopped. As of Monday morning, more than 200,000 systems around the world are believed to have been infected."
Public sector organizations have been cited as a target because they tend to be very conservative in how they apply patches.
The attack takes advantage of vulnerabilities in Microsoft Windows systems that were left unpatched until March. It spreads through phishing emails that lure users into clicking malicious links that install the ransomware. Once a computer is infected, the ransomware uses an exploit believed to have been developed by the NSA to infect other computers on the network that do not have the patch for this vulnerability installed. If users have applied this patch, which should be part of the regular Windows Update process, they should be pretty safe against the original ‘WannaCry’ attack.
The main problem is computers running Windows XP: no updates had been released for it for years, and the vulnerability remained an issue until Microsoft issued an emergency patch for XP over the weekend. This patch needs to be applied manually to affected systems. Machines running newer versions of Windows also need the patch installed manually if Windows Update was not set to install updates automatically.
According to Symantec, here are the best practices to protect against ransomware:
- New ransomware variants appear on a regular basis. Always keep your security software up to date to protect yourself against them. The key thing to do immediately is ensure that the fixes at https://technet.microsoft.com/en-us/library/security/ms17-010.aspx have been installed.
- Keep your operating system and other software updated. Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers.
- Email is one of the main infection methods. Be wary of unexpected emails, especially if they contain links and/or attachments.
- Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
- Backing up important data is the single most effective way of combating ransomware infection. Attackers have leverage over their victims by encrypting valuable files and leaving them inaccessible. If the victim has backup copies, they can restore their files once the infection has been cleaned up. However, organizations should ensure that back-ups are appropriately protected or stored off-line so that attackers can’t delete them.
- Using cloud services could help mitigate ransomware infection, since many retain previous versions of files, allowing you to roll back to the unencrypted form.
Sparkrock is committed to ensuring all our systems have the latest patches installed on them. So rest assured that any data shared with Sparkrock is completely safe, secure and protected.