On May 12, computers and organisations in as many as 104 countries were put to risk by a new strand of ransomware. This new ransomware christened “WannaCry” was found to be propagating through a Windows SMB vulnerability affecting all versions of Windows.
Since windows is the most widely used OS around the world, more than 200,000 systems worldwide were affected. However, conservative estimates by Avast and F-Secure suggest roughly 120,000–130,000 systems being affected worldwide. Apart from being the most widespread ransomware, it also had an anti-climactic ending. To evade sandboxes and potential reverse engineering techniques, the ransomware is connected to a non-existent domain. If it didn’t receive a legitimate response from that server, it would encrypt the victim’s files otherwise it won’t. A malware analyst registered the domain out of curiosity and the outbreak of “WannaCry” stopped.
Now, you may be wondering how did it spread across the world and who all were affected. For starters, it used the exploit developed by NSA to connect to every windows machine using the SMB service. Russia and India were some the worst affected countries. The targets of this attack ranged from banks to ATMs and healthcare systems.
In India, National Cyber Security Advisor, Mr Gulshan Rai, who works out of the Prime Minister’s Office claimed about 100 systems were attacked in India including Police and Health department computers of various states.
To protect your systems from such attacks, here are a few countermeasures:
- Patch all vulnerable versions of Microsoft. Microsoft has released critical patches to this bug, ahead of their Patch Tuesday. Everyone is advised to download and patch their systems from official website of Microsoft-
- You can block SMBv1 by navigating to Control Panel->Programs->Turn Windows Features On or Off. Here you can simply uncheck the box against SMB 1.0/CIFS File Sharing Support
- Update your antivirus and anti-ransomware definitions regularly.
- Use open source OS like Ubuntu, Redhat and OpenSUSE.
- Regularly backup your critical data. In the advent of a ransomware attack, backups are the only way one can minimise the damage.
- Train your employees in the basics of cyber hygiene. Estimates suggest that 90% of such data breaches and malware attacks can be averted if employees follow proper cyber hygiene.
- Regular Vulnerability Assessment of your applications and IT infrastructure. This could reveal backdoors, unpatched vulnerabilities and other weaknesses of your IT infrastructure.
As they say, prevention is better than cure. So is the case with IT health of your organisation. It is always in your organisation’s best interest to adopt proactive cyber security measures than waking up to a ransom note, paying 10s of Bitcoins as ransom and fuelling the underground economy.