WannaCry and Business Continuity – May 14, 2017

This is a quick update for everyone: the reported fix for the WannaCry ransomware attack that made headlines on Friday, May 12, 2017, may only be short term.

Some news organizations are reporting the “accidental hero” who found the “kill switch” in the ransomware has solved the problem for good.  This is only partly true; the criminals who coded the original software will work around the “kill switch” and will release their ransomware again.

The general news media is spending too much time praising the accidental hero, who calls himself just MalwareTech, while the Information Security Gurus are all stating that this is just another wave of attacks in a multi-billion dollar industry.

Please do not be lulled into thinking that the problem is gone.

While following best practices is a good start, no matter how hard we try, another ransomware attack will eventually happen.

When that day comes you will have two options:

  • The bad option
    1. Pay up the ransom with Bitcoin.
    2. Don’t have a Bitcoin account? Acquiring the Bitcoins can take longer than the time you are given to pay the ransom. Depending on the news sources, the FBI’s official stance is to pay up if you don’t have the option mentioned below already in place. You will probably have a better than 75 percent chance of getting your data back. Most of the criminals behind ransomware attacks want to provide good customer service so that victims will pay the ransoms. If victims rarely got their data back after paying, then no one would pay and the criminals would make nothing. Many of them have even set up IT help desks to help victims work through the process.
  • The good option
    1. Tell the criminals a firm “No” and immediately deploy your Disaster Recovery Plan (DRP).
    2. If a server is attacked, Monon Technology Group will spin up the backup on a Backup Disaster Recovery (BDR) box, allowing businesses and their employees to get back to work.
    3. If workstations are attacked, Monon Technology Group will format hard drives and reinstall operating systems, which will keep businesses running.
    4. Company data should never be stored on local hard drives. In some instances, business owners and key employees will go against this advice. To avoid losing this data in a ransomware attack, Monon Technology Group will back up this data.
    5. This option is extremely dependent on practicing DRP, ensuring that all data is where it should be at all times and accessible to restore.

What are the best practices?

  • Keep systems patched.
    1. Most servers will patch with Critical and Important updates the second Tuesday of each month.
    2. Most workstations will patch with Critical and Important updates weekly.
    3. In most cases, all other updates require someone to physically release them.
    4. If a company prefers a more comprehensive update policy, Monon Technology Group is a Managed Service Provider that uses state of the art tools to automatically patch, monitor and remediate problems on computer systems.
  • Keep firewalls working with all the proper Unified Threat Management (UTM) functions.
    1. UTM includes functions such as content filtering, gateway antivirus, intrusion prevention, Geo-IP filtering, and blocking of botnet command-and-control traffic.
    2. The tighter the UTM, typically the more end users complain about these controls. It is possible to find the sweet spot that allows IT the controls needed while allowing businesses to work with as little interference as possible.
    3. Monon Technology Group utilizes SonicWALL firewalls that offer the above features. Businesses should review UTM functions regularly.
  • Do not allow end users administrative rights to local computers.
    1. This will cause some inconvenience as end users typically want to personalize local computers and some programs, such as QuickBooks, do not work as well without full administrative rights.
  • Do not allow standard users domain administrative rights on any network. Many business owners and in-house IT staff feel that they need to have complete access to their companies’ networks.  For the security of the company, business owners and in-house IT staff do not need and should not have complete network access under the account they log in with on a daily basis.
    1. Our recommendation is to create an “-admin” account that forces business owners and/or in-house IT staff to think about what they are doing before they make a change or allow something, e.g. ransomware, to run rampant on a network.
  • Train all employees, especially business owners and upper management, to be aware of phishing emails.
    1. For example, how often does the owner of the company send the accountant an email asking him or her to transfer money to an account? How often does a receptionist receive a cute cat video that is then shared with more than half the company? Both of these emails are potential phishing schemes.
    2. There are several services available for this type of training that will track how well every employee in a business, from the owners and key management down to the maintenance team, is doing at spotting phishing emails.
    3. Monon Technology Group has partnered with one of the leaders in the security awareness industry to provide this training. If interested, please reach out to us for more information.
  • Know and practice the Disaster Recovery Plan (DRP).
    1. How often to practice depends on budgeting and how comfortable business owners are with downtime during DRP testing.
    2. How far back in time it is acceptable to recover data from, and how fast recovery needs to be, are not the same for every business.
    3. The previous point goes hand in hand with cost. The shorter the acceptable window of data loss and the faster the data recovery, the more expensive the solution generally is, and vice versa. What business owners need to consider is how much revenue their companies are losing while down and recovering business functionality.
    4. Contact Monon Technology Group today for a calculator to aid in this cost analysis.
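
The cost trade-off in the last best practice above, worked through in Python as an added example (it is not Monon Technology Group's calculator and not part of the original post). The tier names, prices and revenue figures are constructed, and the loss model (hours down times hourly revenue, plus hours of lost data times the cost of redoing that work) is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tier:
    name: str
    rpo_hours: float    # how far back the newest restorable copy may be
    rto_hours: float    # how long until the business is working again
    annual_cost: float  # yearly price of the backup / recovery setup

def incident_loss(t, revenue_per_hour, rework_per_hour):
    """Cost of one outage: revenue lost while down plus redoing lost work."""
    return t.rto_hours * revenue_per_hour + t.rpo_hours * rework_per_hour

def expected_annual_cost(t, revenue_per_hour, rework_per_hour, incidents_per_year):
    """Service price plus the expected outage losses over one year."""
    loss = incident_loss(t, revenue_per_hour, rework_per_hour)
    return t.annual_cost + incidents_per_year * loss

def rank_tiers(tiers, revenue_per_hour, rework_per_hour, incidents_per_year):
    """Tiers ordered from cheapest to most expensive overall."""
    return sorted(tiers, key=lambda t: expected_annual_cost(
        t, revenue_per_hour, rework_per_hour, incidents_per_year))

def break_even_incidents(cheap, premium, revenue_per_hour, rework_per_hour):
    """Incidents per year above which `premium` is the cheaper choice.
    Returns None when premium does not reduce the loss per incident."""
    saved = (incident_loss(cheap, revenue_per_hour, rework_per_hour)
             - incident_loss(premium, revenue_per_hour, rework_per_hour))
    if saved <= 0:
        return None
    return max((premium.annual_cost - cheap.annual_cost) / saved, 0.0)

# Constructed sample figures, for illustration only.
NIGHTLY = Tier("nightly backup, manual rebuild", 24, 48, 2_000)
BDR = Tier("hourly backup, BDR spin-up", 1, 4, 9_000)
REPLICA = Tier("continuous replication", 0.25, 1, 30_000)
REVENUE_PER_HOUR = 1_500   # revenue lost per hour of downtime
REWORK_PER_HOUR = 400      # cost of re-entering one hour of lost work
INCIDENTS_PER_YEAR = 0.5   # one serious outage every two years

if __name__ == "__main__":
    args = (REVENUE_PER_HOUR, REWORK_PER_HOUR)
    for t in rank_tiers([NIGHTLY, BDR, REPLICA], *args, INCIDENTS_PER_YEAR):
        total = expected_annual_cost(t, *args, INCIDENTS_PER_YEAR)
        print(f"{t.name:32s} expected yearly cost {total:>10,.0f}")
    print("BDR -> replication pays off above",
          break_even_incidents(BDR, REPLICA, *args), "incidents/year")
```

With these sample figures the mid-priced tier has the lowest expected yearly cost, and the most expensive tier only pays for itself if outages are far more frequent than assumed.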

 

Being proactive about Business Continuity is always better than being reactive to issues such as ransomware. Contact Monon Technology Group today to learn more about ways to help protect businesses from man-made or natural disasters.