Pagoda Blog


WannaCry Ransomware Reminds Us Why It’s Important to Update Our Operating Systems

May 18, 2017

 

 

When was the last time you updated your operating system? What if ransomware attacked your computer and encrypted your files? Would you have a recent backup so that you could easily recover all that you’d lost?

 

The WannaCry ransomware that first emerged in the UK healthcare system on Friday, May 12, has people across the world asking themselves these very questions. As of Monday, May 15, WannaCry has infiltrated over 300,000 computers across 150 countries by targeting a vulnerability in Microsoft’s operating system. The story is a real page-turner, including an NSA security breach, the potential involvement of North Korea, and a young, anonymous cyber hero whose kill switch discovery probably saved most of us in the U.S. from experiencing the attack.

 

Here’s a summary of what we know as of this article's publish date about the WannaCry attack and how to protect yourself in the future:

 

An NSA security breach led to the attack

The NSA was the first to discover the vulnerability in the Windows operating system, and they recorded it for future use as an intelligence tool. Unfortunately, the attackers breached the NSA’s security system, stole the data, and used it to maliciously infect computers spanning all seven continents within 48 hours. How did the ransomware spread so quickly? Simply put, thousands of Microsoft users failed to install the critical security patch released by Microsoft back in March. If you’re unfamiliar with security patches, a patch is essentially a software update that corrects a vulnerability in a system. Security patches are an effective form of prevention against cyberattacks, but only if people apply them quickly enough, and in this case, not enough people heeded Microsoft's advice.

Security patches only work if you use them …

Unlike other cyberattacks, WannaCry didn’t require that all the victims click a bad link to let in the ransomware. In a connected system, such as a large office where everyone uses the same network, only one person had to click the link, allowing the ransomware to infect their machine. Then, using the hacking tool stolen from the NSA, the ransomware was able to spread to other vulnerable machines on the network.

 

Part of the problem is the ubiquity of bootlegged Windows operating systems in countries like China. Microsoft isn’t responsible for providing security patches for these systems, leaving them open to attacks. There are also a significant number of people on antiquated operating systems, like Windows XP, and Microsoft doesn’t normally create security patches for outdated systems either. WannaCry spread so quickly, however, that Microsoft created patches for both bootlegged and outdated systems, but the damage was already done. In the UK where the ransomware first spread, hospitals had to turn away patients in need of emergency care, reminding us that a cyberattack can threaten more than just data.

 

An anonymous hero and an obvious kill switch  

Fortunately, a 22-year-old cybersecurity researcher in England, who writes under the pseudonym MalwareTech, found a kill switch: a line of code that allows the developers to stop the ransomware before it gets out of hand. The young coder (who chose to remain anonymous to protect his identity) was able to trigger the kill switch, halting the spread of the ransomware and saving large portions of the US from experiencing this attack.

 

Some are hypothesizing that the obvious kill switch could be a sign of amateur hackers at work. This hypothesis is also backed up by the low ransom (only $300 in bitcoins) and the manual setup for collecting the ransom. (Apparently the hackers had to manually send each victim a code to collect the bitcoin payment. They were also using only three bitcoin addresses to collect payments instead of generating a new one each time, a practice that would make the payments much harder to track.)

 

So where exactly does North Korea factor in? Google security researcher Neel Mehta found similarities between WannaCry ransomware and the malware used by Lazarus, a group linked to North Korea and responsible for the cyberattack on Sony Pictures in 2014 and the attack on a Bangladeshi bank in 2016.

 

Whoever launched this attack has sent a message (intended or otherwise) that our cybersecurity practices worldwide are in dire need of an upgrade.

 

How to protect yourself from future attacks

Although our anonymous cybersecurity hero has stopped the spread of WannaCry ransomware for now, it will likely return. The hackers only need to create new variants of the kill switch to relaunch the attack, or they may remove the kill switch altogether. Any future cyberattacks will likely be far more sophisticated, which means everyone needs to properly secure their operating systems before the next wave of malware or ransomware emerges.

 

Learn about past ransomware attacks in a previous blog post: 2016: The Year of Ransomware

 

Whether you’re an individual or a company, here are several precautions you can take to prevent a future cyberattack:

 

  • Keep your operating system(s) up to date
  • Never open files from an unknown sender
  • Invest in antivirus software with real-time protection and updates
  • Don’t open links with file extensions like ".exe", ".vbs" and ".scr"
  • Enable the "Show file extensions" option in the Windows settings on your computer so that you can spot potentially malicious files
  • Always back up your data on a separate system and perform daily backups

 


 

 

If you do experience an attack or think your machine may be infected, follow these steps:

 

  • Disconnect your machine immediately from the Internet or other network connections (such as home Wi-Fi)
  • Don’t pay the ransom: it only encourages future hackers and doesn’t guarantee the recovery of your lost files
  • Update your malware protection and operating system. (This may require using another computer to download updates that you then transfer to the infected system with an external drive.)

 


 

 

The biggest takeaway for individuals from the WannaCry attack is that you should update your operating system whenever prompted, including security patches. If everyone using the Windows operating system had patched the vulnerability, the hackers would have been far less successful. It’s also important to always back up your data to an external source so that you can easily retrieve your files without paying a ransom.

 

Have further questions or concerns about the WannaCry attack or about ransomware in general? Here at Pagoda, we manage operating system updates and other layered security measures for our clients to protect against attacks like WannaCry. We’d love to hear from you and help you improve your cybersecurity at home and at work. Get in touch.

 

 

Image: Ransomware by Marco Verch. CC BY 2.0.

 


 

––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

About Pagoda Technologies IT services

Based in Santa Cruz, California, Pagoda Technologies provides trusted IT support to businesses and IT departments throughout Silicon Valley, the San Francisco Bay Area and across the globe. To learn how Pagoda Technologies can help your business, email us at support@pagoda-tech.com to schedule a complimentary IT consultation.

 



