7 Steps to Defend Against the Ransomware WannaCry’s Potential Phase Two Attack
As of last Friday, Kaspersky recorded 45,000 detections of the variant malware in 74 countries. There were 1600 infections in the US, 11,200 in Russia and 6,500 in China. Victims were asked to pay $300 (and rises to $600 before destroying files) to remove the infection from PCs. Windows based systems are affected as a result of preexisting vulnerabilities. “WannaCry is coming through spam, in which fake invoices, job offers and other lures are being sent out to random email addresses. Within the emails is a .zip file, and once clicked, that initiates a WannaCry infection.”
It was expected this attack would worsen over the weekend, but Friday afternoon, in England, a 22 year old cyber researcher was able to accidentally locate the kill switch by registering the web domain name of the Ransomware.
It has been revealed that there are more variants of the replicating worm that do not include a kill switch and more malware infections are expected this week.
To prepare for the week:
Malware Prevention – Make sure your anti-virus and anti-malware are updated.
Redundancy – Ensure your data is backed up consistently throughout the day. The more often your data is backed up to a separate server or cloud source the less vulnerable you will be to ransomware (paying the amount asked for).
Security Configuration – Microsoft has fixed the vulnerabilities. Install security patches for MS Windows.
Network Security – Install updates and reboot for MS Windows. Monitor all system networks, test security controls and limit user privileges.
Training and Education – Remind teams to be very careful about what emails they open and what links they click on.
Mobile and Home Security – Install updates on your personal computer and mobile devices. Keep business email communication and data on company devices and personal devices separate.
Incident Management – Establish a disaster recovery plan to respond to incidents and report criminal incidents to law enforcement.
Jessica Robinson is CEO of PurePoint International which focuses in bridging the gap between physical and cyber security.