Ransomware Attack that Could Have Been Avoided!

Ransomware attacks are not uncommon; they are happening every day now. But, as reported in every major news outlet on the planet, including this article in Dark Reading, a new strain of ransomware called WannaCry (aka WanaCrypt and WCry) has spread through at least 74 countries. Tens of thousands of computers have already been infected. It appears to be able to self-propagate, making it extremely dangerous. Once it’s on your business network, it can infect many other machines. It’s a new variant of an earlier version that first came out in late March.

Ransomware typically works by encrypting your files so that you can’t access them until you pay the ransom. The ransom in this case appears to be a demand for $300 in Bitcoins that must be paid within 3 days or the amount is doubled. After seven days the files on the system are gone forever.

Ransomware is a major component of cybercrime that costs businesses millions of dollars each year.

Figure 1: Average Cost of Cybercrime per Organization in 2016
(Source: “2016 Cost of Cyber Crime Study: Global.” Ponemon Institute. Feb 2017).

The WannaCry ransomware leverages the EternalBlue Windows exploit that came out of the NSA tools that were leaked last month by the hacking group Shadow Brokers. The exploit targets a critical software vulnerability in Windows Server Message Block (SMB).

But here’s the thing: Microsoft released a patch for the Windows vulnerability (MS17-010) on March 14th. It’s now May 12th. So, almost two months have gone by and many, many organizations have not patched their Windows systems. If you have applied the patch for the Windows SMB vulnerability, then you have nothing to worry about. If you haven’t, then your organization is highly at risk, and for no good reason.

Figure 2: Patch Availability on Day of Disclosure—More than 80% of Vulnerabilities Have Patches within 24 Hours

Software Vulnerability Management solutions enable IT Security and IT Operations teams (SecOps) to efficiently work together to significantly reduce the time from vulnerability disclosure to remediation. These tools provide vulnerability intelligence (such as that provided by Secunia Research) that allows teams to continuously track, identify and remediate vulnerable applications – before exploitation leads to costly breaches.

“Frankly, if you wait two months to apply a critical Microsoft patch, you’re doing something wrong,” said Kasper Lindgaard, Senior Director of Secunia Research at Flexera. “This time, we even had a warning in April that this could very likely happen, so businesses need to wake up and start taking these types of threats and risks seriously. There is simply no excuse.”

To learn more, please read our whitepaper: Corporate Software Inspector – Bridging Vulnerability Management Gaps