www.apress.com

22/05/2017

Wannacry: Why It's Only the Beginning, and How to Prepare for What Comes Next

By Mike Halsey


It was a perfectly ordinary Friday when the Wannacry ransomware struck in May 2017. The malware spread around the world to more than 150 countries in just a few hours, affecting the National Health Service in the UK, telecoms provider Telefonica in Spain, and many other organisations and businesses in the USA, Canada, China, Japan, Russia, and right across Europe, the Middle East, and Asia.

The malware, which exploited vulnerabilities in the Microsoft Windows operating system, was reported to have been stolen in an attack on the US National Security Agency (NSA), though the NSA denied this. Microsoft had been aware of the vulnerabilities since early in the year, and had patched them back in March. However, the patches were only applicable to currently supported versions of the operating system.

This meant that older, legacy versions of Windows, such as Windows XP, did not receive the patch. Windows XP fell out of extended support in 2014, meaning that no further patches and updates would be released for it.

The people releasing Wannacry exploited businesses and organisations that were still using this, and other legacy operating systems, and that had not yet upgraded to newer and more secure versions of Windows, such as Windows 10.

There are plenty of reasons a business might use to justify to itself why it doesn’t need to upgrade. The most common are having custom software, usually written many years before, that won’t run, or won’t run properly, on newer operating systems. They might also have older hardware that’s just not supported by the newer operating systems because of a lack of driver support, or PCs that are simply not powerful or fast enough to run those new OS versions.

It’s very uncommon however for these PC systems to be completely sandboxed. Sandboxing (the process of removing all network connections from a PC and isolating it as a stand-alone machine) is critical for legacy OS installs, and can often be best practice for mission-critical systems that perform only one or two repetitive tasks.

Then came the problems with files and data.  Wannacry was a ransomware worm.  This means that it burrowed its way across networks and the Internet, looking for machines it could infect, and then encrypting any files and data it found on those PCs.

It’s very common for businesses, organisations, and individuals to have robust backup procedures in place nowadays. Those backups will not always protect against ransomware, though. Let me give you two examples. In the first, we have a company that does a backup daily, or perhaps every few days. In this case, when ransomware encrypts files, the encrypted files run the risk of being caught in a backup before the malware itself has been spotted and identified on the network.

In the second example, people are using a cloud backup service such as OneDrive (Office 365) or Dropbox to back up their files and documents. In this example the backup takes place almost instantaneously, the moment a file is changed, and thus the moment it is encrypted.

To protect against ransomware, you need a multi-tier backup strategy with version control. This means you have several backups running, perhaps daily, weekly or bi-weekly. Again, however, this alone doesn’t protect you against ransomware. To take one scenario, the ransomware could hit only a day or two before your next bi-weekly backup is scheduled to begin. In a second scenario, if a weekly or bi-weekly backup destination is visible and accessible on the network, it too can be encrypted by the worm.

This is where secure versioning and offsite backups come into play. It’s possible to connect to an offsite backup source only when necessary, and to use secure version control to restore older versions of files after they are changed (i.e. encrypted).

Having a backup strategy in place that takes the threat of ransomware into account can make it a quick process of reimaging PCs, and restoring from the appropriate backup afterwards.  You may lose a few days’ worth of files and data, but it’s a much smaller price to pay in the longer term.
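The backup scenarios above can be compared side by side. The following is an added example, not part of the original article: it models each backup tier and reports how many hours of work would be lost when restoring the newest clean version. The tier names, retention counts and the timeline (infection at hour 310, detection at hour 350) are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Tier:
    name: str
    interval_hours: int    # how often the backup job runs
    keep_versions: int     # versions retained (1 = each run overwrites the last)
    network_visible: bool  # destination stays reachable from infected PCs

def last_clean_version(tier, infected, detected):
    """Hour of the newest restorable version taken before infection, or None."""
    if tier.network_visible:
        return None  # the worm can encrypt the backup destination itself
    # Backups keep running until the malware is detected, so runs between
    # infection and detection capture already-encrypted files.
    runs = list(range(0, detected + 1, tier.interval_hours))
    retained = runs[-tier.keep_versions:]
    clean = [hour for hour in retained if hour < infected]
    return max(clean) if clean else None

def assess(tiers, infected, detected):
    """Map tier name -> hours of work lost on restore (None = nothing clean)."""
    report = {}
    for tier in tiers:
        clean = last_clean_version(tier, infected, detected)
        report[tier.name] = None if clean is None else infected - clean
    return report

# Constructed scenario: hours counted from the first backup run at hour 0.
INFECTED_HOUR = 310   # about a day before the bi-weekly run at hour 336
DETECTED_HOUR = 350
TIERS = [
    Tier("cloud sync, single copy", 1, 1, False),
    Tier("daily, overwrite", 24, 1, False),
    Tier("bi-weekly, overwrite", 336, 1, False),
    Tier("weekly, versioned, network share", 168, 4, True),
    Tier("daily, versioned, offsite", 24, 14, False),
    Tier("weekly, versioned, offsite", 168, 4, False),
]

if __name__ == "__main__":
    for name, lost in assess(TIERS, INFECTED_HOUR, DETECTED_HOUR).items():
        status = "no clean copy" if lost is None else f"restore loses {lost} h"
        print(f"{name:36} {status}")
```

Only the versioned tiers that are disconnected from the network return a clean restore point; every single-copy or network-visible tier ends up holding encrypted data.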

There’s also the matter of legacy operating systems to deal with. It may be expensive for a business or organisation to upgrade their hardware or software so that it’s compatible with Windows 10, but there are significant benefits to be gained too. Having updated software can increase throughput and productivity. Having newer hardware can reduce power consumption. The most important consideration though is the value of the data you hold.

Across the world, heavy fines can be levied against businesses and organisations that do not adequately protect the data they hold on other businesses and private individuals. Every year, thousands of businesses and organisations are affected by ransomware. Data is stolen, defences breached, and ransoms paid, all without the world ever knowing.

Businesses keep this information secret both to avoid penalties from the authorities and to avoid the damage that news of such a breach would do to their reputation. The fact of the matter, though, is that it’s your personal data and mine that’s being stolen.

Being aware of the threats posed by malware and ransomware, and investing appropriately in defending your PCs and networks against it, doesn’t have to be expensive. You may already have a volume licence subscription to Microsoft, in which case you’re paying for Windows 10 already, and keeping PCs patched and up to date is free.

Whichever way you look at it though, the cost of building adequate defences for your systems is small beer when compared to the costs you can face from a major security breach, because, let’s face it… Wannacry is going to be far from the last time the world faces such a threat.

About the Author

Mike Halsey is a Microsoft MVP (Most Valuable Professional) awardee and technical expert. As the author of Windows 7, 8 and 10 Troubleshooting books and associated videos he’s well versed in the problems and issues that PC users, IT Pros and System Administrators face when administering and maintaining all aspects of a PC ecosystem. Mike is a teacher and prolific author who uses his training in educating people about sometimes complex subjects in simple and straightforward ways to great effect in his books and training videos.

Want to know more about how to protect users and PCs from malware? Find more in depth information in Windows Virus and Malware Troubleshooting by Andrew Bettany and Mike Halsey, ISBN: 978-1-4842-2606-3.