Assessing the Real Damage of the 'WannaCry' Malware Attack

Posted 17 May 2017 3:58 PM by Mark Bentkower



Let’s talk about collateral damage and the innocent casualties of war.

I’m not talking about Afghanistan, Iraq or Syria. I’m talking about the 'WannaCry/WannaCrypt0r' malware attack that hit more than 150 countries and multiple utilities, government and healthcare institutions this past weekend.

And, no, I am not trying to be cheeky or insensitive. This is the real deal.

By now there’s been plenty written in the news and in technical journals about the effects and outcomes. It isn’t just simple data loss. It goes beyond numbers in a bank account. Real people have been hurt. Patients have had to cancel appointments or have care delayed because doctors can’t access their medical records. It could even cost some patients their lives.

These sorts of issues will continue to unfold over the coming days and weeks. Make no mistake about it. This was the result of a munition that got into the wrong hands. It’s no different than if terrorists had stolen a bomb from an army site and detonated it in a data center.

Warfare between nations and states has moved into cyberspace. The weapons of choice are computer viruses, worms and trojans. Their purposes vary and include surveillance, stealing information, denial of service (such as ransomware), hijacking physical devices to make them do things they were not designed to do, and even causing the physical destruction of property.

The exploit that was used in this latest malware attack was just such a munition. It was a government-grade exploit that had been kept secret up until several weeks ago, when it became exposed to the public.

Upon notification of the vulnerability, Microsoft released patches immediately to fix this problem, but people have been slow to react.

Enter the hackers and malware guys. They see a juicy new exploit and a window of opportunity. And now a weapons-grade vulnerability becomes an easy way for lower-level hackers, who otherwise would not have had the talent or wherewithal, to infect a ton of computers.

Collateral damage.

Welcome to our new reality.

3 Ways We Can Protect Ourselves Against Ransomware

So how do we protect ourselves?

First, realize that if you’re still running old and unsupported operating systems, such as Windows 2000 and Windows XP, you’re literally hanging out a welcome mat to every bad guy out there. Please upgrade, and do it now. Even if those older systems are not on your security border, they still pose big risks.

Second, patch your systems regularly. I know it sounds simple, but the fact is that people and organizations don’t do it, and that’s exactly how this virus spread. If everybody had patched when Microsoft released the update, this virus would have been stopped.

Third, we can’t depend on antivirus, host- or network-based intrusion detection, firewalls or any other reactive technology to totally protect us. There still has to be a data protection component with a fast recovery time objective (RTO) that lets us quickly roll our applications back to a running state when these bad guys manage to slip through.

And, finally, we need to separate and sandbox our data so that if/when we do get attacked, the vector doesn’t have a shot at all of our data, or all at once. Data classification and separation on the inside is a must. Our old idea of a strong shell and no form inside doesn’t play anymore.

War has officially moved into cyberspace. 

Learn more by joining our webinar, “How To Protect Against Ransomware,” at 11 a.m. EDT on Thursday, May 18.

 
