A week has passed since WannaCry ransomware spread across the world. Now that the initial “shock and awe” reaction has subsided a bit, we can look at the ransomware a little more rationally and see what we can learn from it.
Point one: Too many companies and individuals are not prepared to handle ransomware. The 2017 CIGI-Ipsos Global Survey on Internet Security and Trust found that users remain largely unprepared for a ransomware attack and don’t know how it works, with 22 percent saying they would call law enforcement to retrieve data, 15 percent saying they would contact their Internet Service Provider and 9 percent saying they would hire a private firm. These organizations, of course, can do little to save your data. You need to rely on your backup system or pay the ransom. Only 16 percent said they’d turn to their backed up data.
WannaCry also highlighted the problems involved with protecting legacy systems and software and operating systems that are no longer supported by their developers, Erez Breiman, CTO with Minera Labs, told me in an email comment. Microsoft had to issue an emergency patch for Windows XP, an OS it stopped supporting years ago, but one that so many companies and users refuse to give up. Breiman said to me:
As we already know, WannaCry uses a well-known exploit to access vulnerable machines via the SMB protocol. Optimized for the speed of propagation, this worm doesn’t attempt to hiding itself or attempt to evade detection mechanisms. After all, systems that are missing patches and that are not isolated behind a firewall that blocks unnecessary ports are also missing baseline antivirus and other endpoint security products.
And then there is the health care problem. When ransomware hits a health care facility, the malware takes on a life or death urgency, as we saw last week. Back in March, then-FBI Director James Comey spoke at a cybersecurity conference and declared that cybercriminals are using the health care industry as a piggy bank, thanks to ransomware attacks. Why are cybercriminals targeting health care? One is the vast amount of valuable data. Another is that life-or-death urgency; when hospitals go down, there is simply too much at stake and cybercriminals count on that ransom being paid quickly.
But why is the health care industry so vulnerable to attacks? Again, this is an answer that appears to have multiple parts. At least one news outlet reported that in the attack against Britain’s National Health Service, the problem may have been with legacy systems and the NHS’ possible use of Windows XP, but some say the problem was unpatched Windows 7 computers.
Another potential issue posited by Moshe Ben-Simon, co-founder and VP services at Trapx, is HIPAA compliance. Ben-Simon said to me in an email comment:
Due to compliance regulations, such as HIPAA, health care network admins cannot easily update Internet-connected medical devices with the newest operating systems and patches. These devices are sealed to protect the equipment from failure in the event a software update inadvertently affects the operation of the device. While this ultimately protects patients from potential harm from a malfunctioning device, it has the potential to leave the network open to attackers who are finding new ways to exploit old vulnerabilities, such as the recent WannaCry attack. If these devices aren’t updated by the manufacturers immediately, they will continue to be susceptible to these types of attacks.
These are just some of the revelations we’re learning as a result of WannaCry. The common thread: Back up your data and keep current on upgrades and patches. (I would add don’t fall for phishing scams, but that’s another rant for another day.)
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba