Defending Against Ransomware Attacks Like WannaCry
The aptly named “WannaCry” ransomware cryptoworm has been wreaking havoc on computer systems across the globe. Government services and enterprise-level systems were hit the hardest, including Britain’s National Health Service (NHS), which was forced to turn away patients while it struggled to bring its system back online.
Computers attacked by this malware receive a distinctive “ransom note” telling them that their files have been encrypted and that unless they pay up a certain amount, the files will be deleted forever. The attack usually first finds its way onto computers through a malicious file sent through suspicious spam emails, installing itself on the computer when someone opens the attachment.
Most worrying of all, once a single system is infected, the attack spreads like a “worm” virus across network-connected systems that have not even opened any malicious files. It spreads using an exploit in the Windows Server Message Block (SMB) 1 protocol found on older machines running operating systems like Windows 7, Windows Vista, Windows XP and Windows Server 2003.
Stopping the spread of this type of attack is difficult once it has started, but there are a few practices you can use to prevent it from infiltrating your network to begin with and reduce its chance of spreading.
Companies and individuals can use the following advice from an experienced Stamford, CT cybersecurity company to defend against ransomware attacks like WannaCry:
The Basics
At bare minimum, everyone worried about a ransomware attack should do the following:
- Update your Microsoft system with the latest patch, which protects against vulnerabilities
- Microsoft has also provided a new detection tool for finding WannaCrypt files using Windows Defender. Install and use this Defender.
- Install anti-virus software, which can recognize suspicious activities based on behavior patterns.
- You may also want to employ some sort of application control system, like a third-party firewall, which permits only familiar applications to run and requests permission for applications not included on the whitelist.
Going Beyond the Basics to Defend Against Ransomware
While all of the above tactics are effective, they barely scrape the surface of the type of protection your network needs against ransomware and other forms of malware.
Your first step is to have a data prioritization system connected to your backup schedule. WannaCry was effective at deleting backups stored on the cloud and on servers, so redundant backups on unshared network drives can provide an extra level of defense. Review your critical data needs monthly or quarterly and ensure that your most sensitive data and important documents can be restored from backup regularly.
You should also consider the architecture of your network as a whole. Many infected systems were made vulnerable because they had uncontrolled access to shared network drives, allowing the malware to automatically spread to uninfected computers.
The practice of network segmentation can aid in helping control infections from spreading to critical system components. Controlling access can reduce the risk of employees’ mistakes spreading to the most important network functions. Subdividing your network can similarly help by working like automatic watertight doors on a flooded ship, shutting off the spread automatically before it can do more damage.
Using a Stamford, CT Cybersecurity Company to Protect Your Files and Make Your Network More Secure
Configuring an antimalware system, firewalls, backup routines and an adequate network architecture to protect against ransomware attacks can be quite technical, with conditions that vary greatly depending on the business environment and use case.
Ensure that your business has the right defenses in place by using a Stamford cybersecurity consulting company that can analyze your current network and respond to potential threats with comprehensive security and network architecture solutions.