2017 was predicted to be the year of ransomware, and so far it's living up to the hype. The methods and technologies for this particular type of cyber attack have gotten more refined, bolstered in no small part by leaked exploits created by US government intelligence.
The latest threat making headline news is a new ransomware variant called "WannaCry". It's not hard to imagine how it got its name. Infected PCs are locked, and their users must pay a ransom to get control back. What's worse, the ransom increases dramatically as the hours tick by.
Ransomware was a shock to the cybersecurity world when it first came out. Previously, viruses were certainly disruptive and potentially dangerous - but never was the computer's data so directly threatened. Also, never was the money trail so clear. When a PC has a ransomware virus, most users think there's only one thing to do - pay the money and get the data back. In years past, I've worked on many different types of virus infections such as keyloggers, browser hijackers, rootkits, and the list goes on. Since CryptoWall and other early ransomware threats arrived on the scene, I almost never see these types of viruses any more. I suspect the explanation for this is simple: they're not as lucrative for criminals as ransomware is.
So back to "WannaCry" and what's making the news today. What's different about it? The most shocking difference is that you don't have to do anything to get infected! Practically every virus requires some input from the user to complete its evil deed. This virus simply requires that your PC be on the same network as an infected computer. You can imagine that large networks with many PCs and servers are at enormous risk from this. As a result, many hospitals have been impacted and have had to cancel outpatient appointments, compromising their ability to deal with health emergencies. This virus is able to spread throughout networks by exploiting a bug in Windows machines that don't have the latest security patches.
How to prevent ransomware
Despite all that's changed in cybersecurity, the prescription remains the same.
- This virus spreads in environments where the computers are not kept up to date - Managed Windows Updates and Managed Server Patching will address that issue.
- Ransomware viruses corrupt data by encrypting it or preventing access to it. Having a business continuity and data backup solution in place is the key to avoiding
- Prevention is the best medicine: ideally, viruses should be blocked from entering a network in the first place through a good firewall appliance, email filtering, and desktop antivirus.
- We are experts in virus removal and remediation - if you are infected, our on-demand IT services can help your business recover.
If you're concerned about viruses and the threats they pose to your business security - we're here to help. Contact us for a free risk assessment, and we will provide you with the knowledge you need to stay safe in a dangerous virtual world.