Blog Date: 6/6/2017
Author: Ray Coulombe
One of the latest ransomware issues in the news stems from the hack of the NSA’s cyber arsenal of known vulnerabilities and exploits. A shadowy group called “Shadow Brokers” released a collection of these stolen exploits, one of which is known as “WannaCry”. WannaCry targets a flaw in older or unpatched Windows operating systems.
“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem,” said Brad Smith, Microsoft’s chief legal counsel, in a blog post. He’s referencing a previous time when vulnerabilities stored by the CIA showed up on WikiLeaks. Although Microsoft had patched this vulnerability in March, machines could still remain at risk for two reasons:
- Patches may not have been applied to the
- Machines running Windows XP couldn’t be patched because of Microsoft’s lack of support for them.
Luckily, after this exploit became known, Microsoft issued updates for Windows XP, Windows 8, and Server 2003. Unfortunately, updates alone don’t always fix the problem, particularly if users aren’t diligent in applying them.
How does one prepare for potential ransomware, and how does it even get onto your digital devices?
- Technology – Systems can be compromised through brute force attacks and the exploitation of vulnerabilities. The most common weakness involves passwords where billions of character combinations can be tested in seconds, starting with the most likely dictionary-word combinations. When passwords haven’t been changed from default, it’s probably only a matter of time before the system is breached.
- People – The primary vehicle for people-directed attacks is email. Be smart: Don’t give in to the usual phishing schemes (“click this link” or “open this attachment”). They are essentially a vehicle for malware to enter your machine and the network that it’s connected to. Spear phishing, the act of crafting a personally targeted email, is more enticing. By leveraging social media, public records, and purchased or stolen email lists, a very personal email can be created to appear to be from someone you know or recognize. Even though a link appears clickable, don’t click it unless you’ve verified its safety!
- File-Sharing – How many USB sticks have you found or been given? Be cautious. Most information from vendors can be provided via their website or other secure means, so you’re better off not accepting or using USB sticks for which you have no basis of trust.
- Social Engineering – The act of gaining useful or unauthorized information or access, known as social engineering, is a valuable tool for reconnaissance or attacks. Encounters can be in-person, over the phone, through email, or on social media. Sometimes, they involve leveraging one piece of received information to get more until something really useful is assembled.
What can we do to prevent these ransomware attacks?
- Change your password from the default, and make it difficult to crack through randomized letters. Use a password management service like LastPass or Dashlane to manage your passwords.
- Never open attachments or click on links in emails, texts, or tweets if you aren’t sure you can trust them, even if they’re from your mom.
- Don’t ignore security updates on your devices. The update process can be annoying, but updates are in place to make your device safer!
- Train your employees. Even when employees are warned that a test “fake email” is coming their way, many still click on it! Check out the type of services offered by KnowBe4 (www.knowbe4.com) where customized email program tests, USB security, password tests, and more are available.