thinkCSC has been closely tracking a global ransomware attack called “WannaCry” that was initiated last Friday and has impacted organizations in at least 150 countries. The attack began in the UK, shutting down several hospitals, thereafter spreading to Spain. The attack has now spread globally to organizations of all sizes in all industries, including those in the United States.
Please note that organizations with network visibility and a comprehensive patching program are protected and will be able to defend themselves against WannaCry. This ransomware is spread throughout an organization’s network by taking advantage of vulnerabilities in Windows Server Message Block (SMB). Targeted organizations are those who failed to deploy the patches Microsoft had released to protect against these vulnerabilities.
To learn more about the SMB security patches and software vulnerabilities, see: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
What Happens When WannaCry Ransomware Attacks?
When WannaCry ransomware is deployed, it encrypts files and demands a ransom of $300 in Bitcoin. thinkCSC urges organizations NOT to pay the ransom, as payment has not resulted in a release of the encrypted files. Read more here: http://www.bbc.com/news/technology-39920269
To learn more about the WannaCry ransomware attack, see: http://www.pcmag.com/article/353670/wannacry-ransomware-what-you-need-to-know
The thinkCSC team is actively monitoring the situation.
All thinkCSC Managed Services Clients have patches in place for exploitation attempts against the Windows SMB vulnerability, as well as IPS network detection for the WannaCry ransomware.
Keep in mind that this is an ongoing campaign, and we are regularly updating our detection capabilities. Additionally, we are keeping a close eye on customer networks as events unfold. Please notify thinkCSC of any reported cases of WannaCry ransomware in your organization.
Recommended Courses of Action:
thinkCSC recommends all organizations take the following actions:
- Ensure that “Security Update for Microsoft Windows SMB Server (4013389),” reference Critical Microsoft Security Bulletin MS17-010, has been applied.
- Update endpoint protection and antivirus software definitions, and have all users leave systems powered on so they can receive patches and definition updates.
- Remove public access from any Windows system with Server Message Block that has not been patched (as a best practice, SMB ports 139 and 445 should not be exposed publicly and should be blocked from all externally accessible hosts).
- Ensure that all internal Windows systems are patched, to avoid internal spread of WannaCry ransomware.
- Ensure critical files are backed up appropriately.
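One way to carry out the SMB exposure item in the list above on a single Windows host, as an added example (not thinkCSC's own tooling): it lists listeners on TCP 139 and 445, shows enabled inbound allow rules that name those ports, and adds a block rule. The rule name and the choice of the Public firewall profile for the externally facing interface are assumptions; run it in an elevated PowerShell session.

```powershell
# Added example: audit and block inbound SMB (TCP 139 and 445) on one host.
$smbPorts = '139', '445'
$ruleName = 'Block inbound SMB on Public profile'   # hypothetical rule name

# 1. Show whether the host is listening on the SMB ports at all.
Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $smbPorts -contains [string]$_.LocalPort } |
    Select-Object LocalAddress, LocalPort, OwningProcess |
    Format-Table -AutoSize

# 2. List enabled inbound allow rules whose TCP port filter explicitly lists
#    139 or 445, with the profiles they apply to. Rules whose LocalPort is
#    'Any' are not shown by this check.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        $hits = @($filter.LocalPort | Where-Object { $smbPorts -contains $_ })
        if ($filter.Protocol -eq 'TCP' -and $hits.Count -gt 0) {
            [pscustomobject]@{
                Rule    = $_.DisplayName
                Profile = $_.Profile
                Ports   = $hits -join ','
            }
        }
    } | Format-Table -AutoSize

# 3. Add a block rule for the Public profile if it is not already present.
#    Assumption: the externally facing interface uses the Public profile.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort 139, 445 -Profile Public -Action Block | Out-Null
}

# 4. Confirm the rule exists and is enabled.
Get-NetFirewallRule -DisplayName $ruleName |
    Select-Object DisplayName, Enabled, Direction, Action, Profile
```

In Windows Firewall a block rule overrides matching allow rules; the perimeter firewall should enforce the same restriction for hosts behind it.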
While thinkCSC believes that employees will always be the first line of defense against ransomware attacks, the only real solution is for leaders of all organizations (businesses of all sizes, government entities, schools, hospitals, and others) to invest in stronger IT security that includes offsite backup and recovery. These protections, combined with ongoing staff training, strict security policies, and constant vigilance, are an absolute necessity in today’s cyber-environment.
For new customers interested in information on obtaining our services, please contact us at email@example.com
We have all seen ransomware become more sophisticated, regardless of where we live or work. And the cyber assaults seem to be never-ending. Just as security and protocols are developed to keep your network secure, hackers use ransomware to go after educational institutions. As colleges and high schools work quickly to develop offsite backup and recovery solutions to protect them from having to pay ransoms in order to access their data, government offices become the target. Even as technology has made us more efficient and more capable, it has also made us more vulnerable when we don’t implement the right solutions to protect our homes and businesses from these types of attacks. And the biggest threat from ransomware is yet to come: infrastructure threats.
Consider what has happened so far:
- Hospitals and other medical facilities are being targeted. In 2016, hospitals were specifically targeted using Locky ransomware, with one LA hospital paying a $17,000 bitcoin ransom to access their files.
- Utilities are at risk. In April 2016, the Lansing Board of Water & Light (BWL) in Michigan was the victim of a ransomware scheme that has cost the utility nearly $2 million.
- Guests held hostage. In a unique display of cyber hacking, a luxury hotel in Austria was forced to pay an $1,800 bitcoin ransom after hackers accessed the hotel room keycards and locked the guests out of their rooms.
It’s likely that the next threat will be even more insidious, as hackers develop methods for compromising entire systems. Georgia Institute of Technology, recognizing the risk to programmable logic controllers (PLCs), developed ransomware with which they could take control of a simulated water treatment plant, gaining access to PLCs to control valves and additives, and even create false readings. While this was a simulation designed to help understand how to prevent an attack, the risk is real.
Act Now to Prepare for a Ransomware Attack
Businesses of all sizes and in all industries, government entities, schools K-16 and beyond, and individuals must all do their part to prevent ransomware. We must become far more selective about the emails we open, read, and forward, giving special attention to the links we click and the attachments we open. We must invest heavily in better security, from virus software to endpoint detection. We must all take steps to thwart hackers.
At thinkCSC, we believe that in order to achieve maximum success, regardless of the size or type of organization, you must make IT an integral part of your overall business strategy and partner with IT professionals who not only understand how to leverage technology to their advantage but who are also committed to understanding your business goals and aligning your IT strategy to them. We pride ourselves on having the best business-savvy technical experts in the industry. If you would like to learn how to create an IT security strategy aligned with your organizational goals, contact thinkCSC for more information.