WanaCry? Ransomware only works when users are in the dark

We don’t have to be easy targets. By making cyber security accessible and easy to understand for everyone, we can all be secure.

Sam Nixon
MeetHacksy
3 min read · May 15, 2017

Advice brought to you by the Hacksy team, a cyber security assistant by Decoded, helping businesses make security easy.

Remember this? Windows XP came out in 2001, but is still used on 7% of the computers in the world.

On Friday 12th May 2017 computers all over the globe were locked, files were encrypted and data was lost. Healthcare, telecoms, and shipping were the worst affected, but banking and car manufacturers were also hit. Patients were turned away from hospitals and whole industries came to a standstill.

The hackers themselves have not been found, but we now know what happened and how to prevent attacks like this in the future.

What is WanaCry?

A version of WanaCry ransomware (malicious software that holds your files and data to ransom) was used to cripple those systems and is continuing to spread.

WanaCrypt0r hit systems all over the world

WanaCry targets a widely reported hole in Windows XP’s security, an update for which was released in March 2017. Microsoft hasn’t supported Windows XP since 2014, but took the extraordinary step of releasing this ‘patch’ because of the severity of the vulnerability.

It is part of a new breed of ‘point-and-pwn’ hacking-as-a-service tools that require very little technical knowledge or experience and can be executed by almost anyone, anywhere, making this kind of hack as easy as clicking a few buttons and sending some emails. This isn’t the last we’ll see of ransomware, or even of WanaCry.

No one is safe in this new environment, but we can reduce the chances of becoming victims.

How did it happen?

It seems WanaCry isn’t quite like normal ransomware. Research by Sophos suggests it spread in an unusual, fairly old-school fashion.

WanaCry looked for a particular entry point on computers in a network (a port, in this case port 445) and checked whether it was open. If it was: bingo! Spreading like this makes WanaCry closer to an early-2000s worm than the usual 2017 ransomware attack.

Normally, for ransomware like WanaCry to take hold in a system it needs an entry point, and that’s us — humans!

Usually people are responsible for letting malware in, be it clicking on a link in a carefully constructed phishing email or visiting insecure sites. This could be anyone in the organisation, from the boardroom to the front desk.

In the case of WanaCry, no one needed to click on a malicious link: a flaw in XP and an open port did the hard work for it. That doesn’t mean we shouldn’t be vigilant when protecting ourselves against ransomware in general.

What can be done to protect yourself and your organisation from ransomware?

  1. If you are still running Windows XP, patch it immediately. That will stop this version of WanaCry in its tracks.
  2. Move away from software that is no longer actively supported. Once a piece of software is no longer actively supported (e.g. Microsoft Windows XP), those who continue to use it are far more likely to fall victim to an attack.
  3. When dealing with ransomware in general, people matter most. Protecting yourself is not a purely technical task. Ransomware attacks prosper when a user base doesn’t prioritise security hygiene. Security teams need to start working hand-in-hand with users to bolster the defences of their organisation.

Technical fixes combined with empowered and motivated users will break the back of ransomware.

Only by working together can we avoid falling victim to these kinds of attacks and protect ourselves in the future.

Hacksy helps build strong relationships between security departments and users. Using a chatbot, we educate users in a way that they enjoy and help organisations embed a culture of security.

Sam Nixon
MeetHacksy

Engineer. Former Product Lead at @babylonhealth and Scarlet Comply, Data Science mentor at @DecodedCo