You probably heard about the ransomware strain WannaCry that spread globally in May, blocking customers from their data unless they paid a ransom.
WannaCry exploited a Windows vulnerability that Microsoft released a patch for two months earlier. This attack was (or should’ve been) a wake-up call to the importance of timely patching on every server and PC, every time critical security updates are released.
Fast forward to a few weeks ago, when major news sites reported a second global ransomware attack in two months. An attack that is exploiting the same vulnerability that WannaCry had exploited.
The fact that there were (and still are) so many companies, governments and hospitals who haven’t applied the patch, even after the very publicized WannaCry attack, highlights the need for better IT processes, discipline, and leadership. Here are four lessons we can all learn from these attacks.
Lesson #1: Apply critical security patches as soon as they are released to minimize risk of exploitation.
WannaCry and this new strain called Petya didn’t appear out of thin air. Microsoft released a security update soon after the vulnerability was identified, but many computers and systems around the globe did not have the patch applied, which led to this widespread attack.
Lesson #2: Paying the ransom won't get your data back.
A lot of times people think they can just pay the ransom to get their data back. What's the big deal to pay $300 for a critical file?
Getting your data decrypted by paying the ransom is highly unlikely because the hackers' email provider locked down access to the account they created to accept Bitcoin payments and distribute decryption keys, making it extremely difficult, if not impossible, for them to make good on their promise to decrypt after payment. That's why you need a weapons-grade backup solution (see below).
Lesson #3: Back up your files hourly to a device that takes image-based backups versus file-based backups to cut down on downtime and lost work.
Organizations may not be able to decrypt their files if they were not properly backed up. Even if they were properly backed up, the time to restore could take hours or days, depending on the size of the attack and the backup system itself. And, if the frequency of the backups is less than hourly, you could still be looking at some lost data. Some of today's solutions offer instant recovery -- allowing you to continue operations while systems are being restored with little downtime.
Lesson #4: Implement interactive security training to keep employees on their toes and aware of the current threat environment.
Although these publicized strains are a result of a Microsoft vulnerability, other strains work independently and can still wreak havoc on organizations. Malicious emails find their way into your employees’ mailboxes at least once a day, and 90% of all malware requires human interaction before it can infect its target. Your people are the last line of defense, do you know how they’ll stand up to a spear-phishing email?
Next Steps You Should Take for Better Security
In the wake of these large-scale ransomware attacks, for a limited time Lazorpoint is offering a complimentary end-user security test, which can help identify weaknesses in your security strategy. Sign up today for a consultation.
To learn more about ransomware and the seven points of a cybersecurity prevention and recovery strategy, read our eBook, The Business Leader’s Guide to Ransomware.