Looking for WannaCrypt ransomware defense? On Friday, May 12th, a large ransomware attack was launched, known as WannaCrypt (a.k.a. WannaCry). It infected more than 230,000 computers across 150 countries. This unprecedented cyberattack left organizations struggling in the aftermath as they try to recover. WannaCrypt demands payment of ransom in bitcoin and has spread in several ways: phishing emails and as a worm on unpatched computers.
The attackers responsible for WannaCrypt used the EternalBlue exploit which attacks computers running Microsoft Windows operating systems. Unfortunately, this could have been avoided by many had they installed the updated patch that was released as “critical” by Microsoft to mitigate this vulnerability on March 14th.
We are urging organizations to update this patch immediately. Always update patches in a timely manner – particularly critical updates. Organizations must be proactive with their security in order to defend against potential ransomware attacks. Here are four things your organization should do today to protect against a ransomware attack.
4 Ways to Prevent WannaCrypt Ransomware Attacks
Update. Updating security patches and keeping operating systems up to date is a critical activity for preventing a malicious cyber-attack, such as WannaCrypt. As organizations have learned from this devastating ransomware, weaknesses in applications and operating systems are the target of malicious hackers. Don’t leave a known vulnerability open to attack.
Backup. When organizations are victims of ransomware attacks, they are pressured to pay a ransom to get back all of their data and files that have been stolen and encrypted by the attackers. Performing regular backups on entire machines can ensure that the data that is critical to your business will still be available. Regularly performing backups for critical data, files, and systems can help make the recovery and restoration process quicker and easier.
Train. Your employees are always your weakest link. Ransomware targets the human element. By regularly training your employees to recognize and avoid phishing attempts and other strategically crafted social engineering attacks can lessen your chances of being the next WannaCrypt target. Ask us about our phishing assessments and security awareness training that can help spread awareness and educate the workforce.
Test. Performing an advanced external penetration test is a strategic approach to identify weaknesses in network and application security, as would a hacker. Penetration tests allow you to identify and prioritize your risks in order to prevent hackers from infiltrating your critical systems. It can also help you avoid a costly breach and loss of business operability that ransomware attacks will cause.
Don’t wait until it’s too late and you’ve become the next victim of a devastating ransomware attack like WannaCrypt. Do these things to prevent a ransomware attack today and don’t forget to perform regular risk assessments to ensure that you’re properly protecting your organization against any and all malicious threats.
Sarah Morris is a guest blogger for our audit partner, KirkpatrickPrice. The original blog post may be found here. Contact Sarah at firstname.lastname@example.org.