If the ransomware strikes, will you know what to do?
The formidable ransomware cyber attacks that have swept the globe and grabbed the headlines are still very likely to continue, and businesses and organisations worldwide will be on red alert today. For now the kill switch for this ransomware variant is holding, but the hackers need only adjust the ransomware slightly for it to sidestep this line of defence.
It is expected that more WannaCry ransomware cyber attacks may be put back into action today, which could lead to an even more severe and long-lasting attack. Security experts globally have shared their thoughts on the devastating cyber attack, and what can and must be done to maintain cyber safety.
Have Reliable Backups & a Data Response Plan
David Warburton, Senior Systems Engineer, Central Government and Defence, F5 Networks said: “There is no silver bullet for protecting against ransomware and the overwhelming concern for personal data is exactly what cyber-criminals are counting on. The individual ransom demands seem low, around $300, but this will add up quickly if hundreds or thousands of computers are affected. Although paying a ransom might encourage further attacks, the reality is that patient care could be affected in a very direct way if care givers are unable to access their systems. As with many aspects of information security, prevention is better than cure, but ransomware is very difficult to totally prevent.
“The NHS seems to have taken the best action they can – by shutting down systems they have limited the spread of the infection. For many organisations, the best methods currently available for combatting ransomware are to have reliable backups and an up to date response plan.”
Do Not Neglect Basic Cyber Hygiene
Brian Lord OBE, former Deputy Director GCHQ Cyber and Intelligence, now MD PGI Cyber, said: “This would appear to be a wide ranging, well-coordinated Ransomware attack, using a new variant of Ransomware. It was well thought out, well-timed and well-coordinated. But fundamentally, there is nothing unusual about its delivery. It is still fundamentally robbery and extortion, albeit large scale.
“Something like this was always inevitable. While organisations are distracted by high profile dramatized threats, such as Russian election hacking, they are neglecting basic cyber hygiene measures which can prevent the mass effectiveness of mass ransomware attacks like this.”
Fight Back With An Active Patching Strategy & Rapid Detection
Oliver Tavakoli, Chief Technology Officer at Vectra Networks said: “Unsupported software is an ongoing problem that highlights the limitations of software updates and patching as a primary line of defense. Microsoft provided a patch for this vulnerability that is available, but it doesn’t mean it was implemented on every Windows computer. The first step of any defense is an active patching strategy around known exploitable vulnerabilities. This would have closed the door on the Windows vulnerabilities exposed by the Shadow Brokers dump.”
“In the event where the vulnerability is unknown or there hasn’t been sufficient time to patch, organisations need a method for rapid detection and response. This should include monitoring internal traffic for attacker behaviours like reconnaissance, lateral movement and file encryption rather than attempting to detect specific ransomware variants in network flows or executables.”
“To prevent future attacks, we need to move to a model of detecting behaviour rather than detecting the specific tool or malware. Behaviour detection is much more effective, but requires in-depth analysis of network traffic. But with advances in AI augmenting security teams, we’re seeing the industry shift to identifying attacker behaviour in real time.”
Segment Your Network
David Emm, principal security researcher at Kaspersky Lab, said: “While we don’t know if the cyber attack also took down the telephony system, it does demonstrate the need for businesses to segment their network to ensure that in such attacks other aspects of the network are not affected. For example, don’t give administration rights to users by default and only allow access to data on a ‘need to access’ basis.”
Mike Viscuso, CTO and co-founder at Carbon Black, said: “Ransomware is an increasingly common attack vector at healthcare organisations since, once affected, they are essentially forced to pay. Access to patient data is, quite literally, a life or death issue. As is the case with healthcare, prevention is always the best cure when it comes to cyberattacks. That said, organisations can better set themselves up to deal with a ransomware attack by consistently backing up critical files, educating employees on proper cybersecurity hygiene, and patching vulnerabilities in a timely manner.”
It is essential that employees gain a basic knowledge of cyber hygiene, and of the associated risks, in order to maintain security and protect against ransomware cyber attacks.
Gavin Millard, EMEA Technical Director of Tenable Network Security, said: “It’s important that every organisation has a clear view of all systems that are vulnerable to MS17-010, the main bug targeted by WannaCry, and has a robust patching process to address it quickly, as I’m sure this isn’t the end of the exploitation of this particularly nasty software flaw.”