The hype over the WannaCry ransomware attacks in mid-May that ultimately disrupted 300,000 systems in over 150 countries has died down. Nonetheless, it is thought to be the largest ransomware attack recorded to date; taking the British National Health Service as one of its first and most severely assaulted victims.
While the cyber criminals responsible for the attacks left massive footprints, WannaCry teaches us a lot about the changing motives of hackers — and how organizations can protect themselves from future attacks.
The Danger In Running Vulnerable Programs
Hackers exploit vulnerable programs. It really is that simple. In the WannaCry scourge, this included old Windows XP programs no longer supported by Microsoft and to a larger extent, the more widely-deployed Microsoft Windows 7 operating system (OS).
A survey for Reuters by security ratings firm BitSight found that a whopping two-thirds of organizations embroiled in the global WannaCry attack were running Windows 7, without the latest security updates.
There are a myriad of reasons why organizations run obsolete programs or fail to make crucial security updates. One is fear of service interruption. While seemingly sound, this reason can result in — as we have seen with WannaCry — more interruptions than could have been fathomed.
As late as May 25, Queensland Health hospitals in the U.K. were still at a standstill with vital data lost and surgeries put on hold. But there might be a silver lining to these attacks. Valuable lessons have been learned. Lessons that organizations are now scrambling to prevent from learning a second time around.
5 Valuable Lessons Learned from WannaCry
- Update systems regularly. Unfortunately, this is a lesson on repeat. No matter the cost or downtime, systems must be updated to keep pace with changing threat tactics.
- Backup data. In the wake of the WannaCry attacks, hospitals lost vital data. In most cases, that data was not backed up. Backing up data and testing backup processes is a basic step in cybersecurity. Sadly, it’s one that is not often taken.
- Patch on schedule. Or, as noted on the Fortinet blog, ‘practice good hygiene.’ Make patching a regular part of your system maintenance. Remove systems that cannot be patched or updated.
- Create a doomsday plan. Interruptions to service can be minimized if an organization has a solid incident response plan. WannaCry’s scale has demonstrated just how crippling a ransomware attack can be. When everyone knows their role in responding to an incident, attacks can go from catastrophic to bothersome.
- Look for risks. Implement ‘behavior-based security tools’ that can detect unknown patterns or projected risks along with known risks.
An Interesting Note (and Perhaps a Motive)
Despite the panic it incited, WannaCry did not generate a massive profit. It is estimated that cyber criminals earned less than $100,000 from the attacks.
Some cybersecurity experts have suggested the modest gains might provide some insight into hackers’ motives. One hypothesis is that hackers wanted to teach organizations a valuable software update lesson. Another is that the attackers wanted to one-up the NSA by exploiting a leaked Windows hacking technique.
Either way, the same conclusion can be drawn: Failure to backup or protect vulnerable systems can lead to chaos. As a Fortinet partner, Istonish can help your organization prevent disruptions caused by cyber attacks. Contact us today for more information.