Patch Your Gaps: Why Enterprises Fall Victim To Ransomware
It’s a new global attack, but the same old gaps in security.
A ransomware attack struck the global economy yet again this week, shutting down operations at enterprises far and wide by exploiting network security gaps and forcing victims to pay in cryptocurrency to have their data, locked by hackers with “military grade” encryption, restored.
Much like the WannaCry ransomware attack in May, this virus spread far and wide quickly, going after older, unpatched Microsoft operating systems. As with WannaCry, the attack began in the EU but quickly hit dozens of countries before news and awareness spread.
According to the New York Times, more than 12,500 machines running older Windows platforms were hit in Ukraine, and from there the virus touched 64 more countries by end of day Tuesday. Enterprises that have confirmed they were hit include pharmaceutical giant Merck; Danish shipping company AP Moller-Maersk; Russian energy company Rosneft; American food company Mondelez International; and a unit of BNP Paribas bank, among others.
Unlike WannaCry, the current virus has yet to be killed and continues wreaking havoc more than 24 hours after its release.
Users of infected machines were hit with a red screen alerting them that their hard drive had been locked down and instructing them to download the Tor Browser and enter a personal decryption code (provided on the alert). According to CNNMoney, the attack was seeking $300 in Bitcoin to unlock the files, but CNNMoney also said the email address associated with the attack was blocked, so even if victims paid, files would not be unlocked.
The virus is being spread via EternalBlue, a tool that takes advantage of a weakness in Microsoft Windows, although a patch for that specific vulnerability was released in March. If administrators did not apply the update, their systems were automatically susceptible to the ransomware.
While the current attack isn’t spreading across the web like WannaCry, it’s quickly working its way through corporate networks and encrypting entire hard drives, not just files like its predecessor.
So, how can employees in your enterprise protect their individual devices from falling prey to ransomware attacks? Here’s a checklist everyone should be aware of:
- Always keep security software up to date on devices
- Keep the OS and other software updated by installing patches, which are created to secure vulnerabilities
- Email is the most heavily used infection method. Do not blindly open email attachments or links, especially if they do not come from a trusted source
- Back up important data. If an employee’s device was victimized by WannaCry, the encryption would not have had as severe an effect if that device’s data had also been stored elsewhere and was easily accessible to the user