A lot has been written about the WannaCry ransomware attack that spread throughout the globe beginning on May 12 of this year. Perhaps due to the clever branding of the malware, the reaction to WannaCry has been remarkable. Companies from help desk ticketing vendors to log management software developers have personally called me attempting to sell me their product or service on the basis of its ability to stop ransomware like WannaCry. I can only assume that these sales teams, armed with scripts and little actual knowledge of WannaCry or ransomware in general, have been effective in executing this scare tactic approach, otherwise I wouldn’t keep seeing it. Time to set the record straight.
1. What do the statistics say?
- According to data from TrendMicro, WannaCry infected some 230,000 machines in 150 countries yet generated only about $110,000 in ransom since its launch on May 12.
- Cybersecurity Ventures predicts that Ransomware damage costs will exceed $5 billion in 2017, up more than 15X from the $325 million we saw in 2015.
- According to Cisco, ransomware is growing at a yearly rate of 350%.
- According to the FBI, Ransomware was the fastest growing cyber crime in 2016.
2. Is ransomware a problem?
- Yes, but only because those charged with protecting organizations (IT) that end up PAYING ransom are some combination of 1. Untrained, 2. Lazy, 3. Negligent. In other words, a company should NEVER have to pay a ransom! Now, I know some are reading this saying “I don’t have an IT budget.” Backup software and storage space are at all time low costs. You can have a full, real time backup to the cloud on your computer for as little as $2 per month or set up the backup software built into your operating system to an external hard drive for a one time cost of $60 (for the hard drive). Cost is simply not an excuse when it comes to backup.
3. How can I protect myself against ransomware?
- As I reference above, and wrote in our Ransomware Guide back in June of 2016, there has been a solution for ransomware for 25 years. It’s called backup. Should you protect yourself from getting hit in the first place? Of course (see next question), but the fact remains anybody with a good backup will never pay a dime to a cyber criminal for ransomware.
4. What would have stopped WannaCry?
- WannaCry, as with many other common types of malware, attacked a KNOWN VULNERABILITY that Microsoft had fixed two months prior to the outbreak on May 12. The basic cyber hygiene of turning on “automatic updates” for your Windows Operating system (or patch management for IT personnel) stopped WannaCry in it’s tracks even if it was downloaded by an unknowing user. Of course, when it comes to cyber security a defense in depth approach is always recommended, so in addition to patch management, an effective next generation firewall, advanced endpoint protection software with behavioral analysis, file backup that is regularly audited (see question 3 above), security monitoring (by personnel that know what they are doing), and the always difficult user training would have also prevented WannaCry.
As you can see, WannaCry was more of a wakeup call than it was a massive event. So, what should you do about it? If you are an individual, go turn on automatic updates on your computer operating syetm (links) and shell out the $10 per month for a good backup solution. If you don’t want to do it yourself, there are companies that do it all for you (see Ariento’s All In One solution for the self-employed). If you are a business owner, open your Windows updates and check if it is set to automatic. If not, a serious conversation with your IT person is in order. In that same conversation, ask them about data backup: Do we have it? How often does it backup? Is it on every computer or only servers? When is the last time we tested it (don’t let the next WannaCry be the first time you’ve tested your backup).
On the spectrum of cyber threats facing our business and our clients' businesses in today’s digital age, standard ransomware doesn’t even make my top 10. Variants of ransomware that have back doors written into the code and result in possible data breaches do make the list, however, and is a threat worth addressing (but now we’ve crossed over to the standard code execution category of malware). WannaCry, and the ransomware I reference above, is not that, and therefore doesn’t keep me up at night as at IT security person. If you don’t believe me, check out our ransomware guarantee we began offering a year ago.