- July 3, 2017
- Posted by: Mahesh Kulkarni
On 12th May, a pandemic ransomware – WannaCry – infected millions of Windows OS systems worldwide and crippled operations in targeted utilities. Hospitals in the UK, telecom companies in Spain, car manufacturers and millions of average users fell victim to this cyberattack. Ransomware has affected 40% of businesses over the past year, a period that saw a phenomenal rise in this type of attack. Ransomware attacks are growing at a rate of 350% per year, and the lucrative malware market is estimated at around one billion dollars worldwide, according to the FBI.
Before diving into the ways to curb WannaCry, let us first look at what ransomware is. Ransomware is a malicious program that encrypts the files on a computer and renders them inoperable. Ransomware of this type is called a cryptor: a ransom is demanded for providing an encryption key. The other type, the blocker, locks the user out of the system completely.
What is WannaCry Ransomware?
WannaCry is a cryptor ransomware that demands its ransom in Bitcoin. The malware affects systems running on Windows XP, for which Microsoft ended support in 2014. It scans for and spreads through an SMB vulnerability over TCP port 445. It is capable of encrypting files, compromising previously affected hosts, and spreading to externally connected hosts over the internet. It also makes use of ‘Doublepulsar’, a backdoor for running code on systems affected beforehand. WannaCry exploits the ‘EternalBlue’ module for scanning the SMB vulnerability. It then installs the ‘Doublepulsar’ backdoor to encrypt files and demand ransom. Although a kill switch, triggered by registering the keysmash URL used by WannaCry so that it launched a live web page, temporarily shut down WannaCry, vulnerable systems are still at risk.
How Can Manufacturers Reduce the Risk of WannaCry?
The manufacturing sector and utilities such as power generation (nuclear power plants, for instance) rely heavily on legacy automation systems for the daily operation of critical infrastructure. As most of these systems are not updated, they are vulnerable to WannaCry, which exploits the software vulnerability in the Windows OS. Here are a few ways to curb WannaCry:
Microsoft has released a patch to mitigate the vulnerability exploited by WannaCry. Deploying this patch is the best means to reduce WannaCry risk. In addition, every connected system should be patched, as WannaCry spreads across the internet and affects externally connected hosts too.
Daily Data Backups
Just like preventive maintenance of machines, the manufacturing sector should take daily backups of critical data to do away with the risk of systems being locked out by WannaCry. As the business scales, you will need a comprehensive disaster recovery plan that is tried and tested, along with security awareness training for your personnel.
Standardized Images and Benchmarked Network Performance
Two practices help here: using standardized OS and desktop images to recover infected systems, and benchmarking network performance for every application so that anomalies in daily activity can be discovered.
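One way to apply the benchmarking idea to WannaCry's scanning over TCP port 445, as an added example that is not part of the original post: count how many distinct hosts each machine contacts on port 445 within a short window and compare that with the machine's own baseline. The flow-record format, the IP addresses, the one-minute window, the baseline values and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445
WINDOW = timedelta(minutes=1)  # assumed observation window

def build_sample_flows():
    """Constructed flow log, one 'timestamp src dst dport' record per line."""
    t0 = datetime(2017, 5, 12, 9, 0, 0)
    rows = []
    for i in range(6):    # workstation using a single file server
        rows.append((t0 + timedelta(seconds=10 * i), "10.0.0.21", "10.0.0.5", 445))
    for i in range(10):   # backup server that normally reaches several hosts
        rows.append((t0 + timedelta(seconds=2 * i), "10.0.0.9", f"10.0.2.{i + 1}", 445))
    for i in range(20):   # HMI host suddenly sweeping a subnet on 445
        rows.append((t0 + timedelta(seconds=i), "10.0.0.40", f"10.0.1.{i + 1}", 445))
    rows.append((t0, "10.0.0.21", "10.0.0.80", 443))  # non-SMB traffic, ignored
    return "\n".join(f"{ts.isoformat()} {s} {d} {p}" for ts, s, d, p in rows)

def parse_flows(text):
    """Yield (timestamp, src, dst, dport) tuples from the text log."""
    for line in text.strip().splitlines():
        ts, src, dst, dport = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(dport)

def smb_fanout(flows, window=WINDOW):
    """Per source: peak count of distinct TCP 445 destinations in any window."""
    per_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport == SMB_PORT:
            per_src[src].append((ts, dst))
    peaks = {}
    for src, events in per_src.items():
        events.sort()
        start = peak = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, len({d for _, d in events[start:end + 1]}))
        peaks[src] = peak
    return peaks

def flag_anomalies(peaks, baseline, factor=3, floor=5):
    """Hosts whose fan-out exceeds both a floor and factor x their own baseline."""
    return sorted(s for s, p in peaks.items()
                  if p > max(floor, factor * baseline.get(s, 0)))

if __name__ == "__main__":
    peaks = smb_fanout(parse_flows(build_sample_flows()))
    print(flag_anomalies(peaks, baseline={"10.0.0.21": 1, "10.0.0.9": 8}))
```

Comparing each host against its own baseline keeps a backup or file server with legitimately high SMB fan-out from being flagged, while a controller or HMI that never used SMB before stands out immediately.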
Monitor Web Browsing Traffic and Removable Media Access
Do not open links in suspicious ad or spam emails, and thoroughly scan all removable media, such as thumb drives, to stay away from this malware.
Preventing Macro Execution and Monitoring All Software Installs
Your system can be attacked by ransomware that exploits macros, particularly in MS Office. Also, any software install can increase this risk in a large organization. Hence, preventing macro execution and monitoring software installs is a best practice to steer clear of WannaCry.
These were a few ways to reduce the risk of the WannaCry ransomware threat, which is looming large over every sector as well as average users. Hope this helps.