Ransomware is Spreading Like Worms: Are You Ready?

The WannaCry outbreak should be scary. Here are tips to prevent falling victim to the next wave.

The #CyberAvengers are a group of salty and experienced professionals who have decided to work together to help keep this nation and its data safe and secure. They are Paul Ferrillo, Chuck Brooks, Kenneth Holley, George Platsis, George Thomas, Shawn Tuma and Christophe Veltsos.

Curiosity turned blind luck saved us from something far worse than what we saw Friday as the WannaCry ransomware spread across the globe. Had it not been for a British malware researcher registering some gobbledygook of a domain name, who knows what we would be writing about today. At the rate we are going, if we were cats, we would be burning through our nine lives faster than Tony Stark builds Ironman suits.

In our last post, we said to stop sensationalizing. We mean that. So by no means should you think we are a tad bit overly hysterical because WannaCry did spook us all out. Friday’s episode is proof positive of three things:

  • Things can get wildly out of control real fast.
  • Cyber weapons have made it out into the wild and will be used against us.
  • We were horribly unprepared for this attack; we are still horribly unprepared for the next attack.

Luck—while a critical aspect of life—is not an effective resilience strategy. WannaCry has already been modified and there are variants with no “kill switch” in the code. More hurt is in order for the unprepared.

What should concern us all was the brazenness of this attack. Everything was fair game: telecom, banks, health care, universities, and the latest count is that people “wanna cry” in 150 countries. That’s some aggressive foreign policy when you negatively impact 75 percent of the world’s nations in 72 hours.

The attack on health care is particularly disturbing—losing money is never fun, losing lives is worse—but not unexpected and perhaps even overdue. Health care is a peculiar industry because of competing interests. Specifically:

  • Patients and users require speed, but information security often takes time to process, putting the needs of front-line staff in opposition to the wants of security staff.
  • Management must be committed to quality care and their fiduciary duties, no easy task in an environment of competing needs.
  • Effective sharing of confidential patient information among primary-care physicians, hospitals and medical specialists has myriad benefits, but sharing introduces numerous potential points of failure. 
  • Budgetary constraints are felt more than in most industries as health care funding is becoming more difficult to secure and cybersecurity costs keep rising.

There is this issue, of course, that applies to all leading-edge firms, not just those in health care: If you want to be recognized as the leader of your field, you also have the biggest, juiciest target tattooed to your back.

And of course, there is this thing called emotion. It is possible you will dial your “freak-out factor” to 11 if you are already in a life-and-danger situation and suddenly find out your computer is useless to you. Should you find yourself in this situation, scrambling to find $300 worth of these funny things called bitcoins may be a cheap way out.

We need to underscore how lucky we were and it is quite possible by the time you read this, we could feel additional waves of WannaCry. Here are some quick solutions and things to think about:

Back up your crown jewels like it’s going out of style. If you did not back up your data this past weekend, whether offline or on the cloud (or both), you deserve a failing grade. Malicious actors have proof ransomware pays off. As long as there are people willing to pay, malicious actors will keep on putting out ransomware. The only way to stop this tactic is to eliminate the incentive. Losing one day’s worth of data is a whole lot less painful than losing your entire digital library. Over the long term, the costs of doing nothing are far higher than the costs of doing something, so find an option that keeps your data out of harm’s way. Backing up your data should become as regular and mundane as brushing your teeth (and you know what happens when you do not brush your teeth).

Have a recovery plan that can be activated in minimal time. Have clean images of operating systems and critical applications ready to be installed in a moment’s notice. Of course, this is under the assumption you have your data backed up and ready to follow. And by the way, if you have not tested your plan, you do not have a plan. If you decide not to test your plan, make it out of wood and knock on it for good luck. You may increase your chances of success.

Prepare for the Stone Age. We are actually very serious here. For anybody born before 1989, there is a pretty good chance you used a pencil and paper somewhat regularly while growing up. This may come as a shock to some, but for a good 5,000 years or so, we got through life without electricity and digital technologies. It was not pretty at times, but in a pinch, it works. Remember, your success depends on your ability to bend while others are breaking. If you are able to operate with “Stone Age technology” for 72 hours, you are ahead of the game. If we are all down for more than 72 hours, chances are we have a much bigger problem on our hands (like war).

Look before you cross the road (think before you click!). Would you cross a busy freeway of speeding cars going in both directions without looking? So why would you just click something out of curiosity or because you are too lazy to look where it could take you? Hover over a link and make sure the link goes to where it says it will go. Read the email closely (one of us received an email from “concast.com” this week). And if it feels wrong, just press delete. Do not become the next “phish” that gets hooked!
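The two checks described above (where a link really goes, and whether the sender's domain is a near-miss of a real one), as an added example that is not part of the original article. The trusted-domain list, the sample message and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

TRUSTED = {"comcast.com"}  # assumption: domains you really do business with
# Constructed sample message; the .example host is a placeholder.
SAMPLE_SENDER = "billing@concast.com"
SAMPLE_BODY = ('<a href="http://concast.com.pay-portal.example/login">'
               'https://www.comcast.com/billing</a> '
               '<a href="https://www.comcast.com/help">get help</a>')
# Simplified anchor matcher, adequate for a demo (not a full HTML parser).
ANCHOR = re.compile(r'<a\b[^>]*\bhref=["\']([^"\']*)["\'][^>]*>(.*?)</a>', re.I | re.S)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, max_dist=2):
    """Trusted domain that `domain` imitates, or None if it is exact or unrelated."""
    domain = domain.lower().rstrip(".")
    if domain in TRUSTED:
        return None
    return next((t for t in sorted(TRUSTED) if edit_distance(domain, t) <= max_dist), None)

def host(url):
    """Hostname of a URL or of bare 'www.x.com/path' text, without a leading 'www.'."""
    try:
        name = urlsplit(url if "//" in url else "//" + url).hostname or ""
    except ValueError:  # e.g. unbalanced brackets in the text
        return ""
    return name.lower().removeprefix("www.")

def audit(sender, html_body):
    """Warnings for a lookalike sender and for links whose text hides the real target."""
    findings = []
    sender_domain = sender.rsplit("@", 1)[-1]
    hit = lookalike_of(sender_domain)
    if hit:
        findings.append(f"sender domain {sender_domain} resembles {hit}")
    for href, inner in ANCHOR.findall(html_body):
        shown, real = host(re.sub(r"<[^>]+>", "", inner).strip()), host(href)
        if "." in shown and shown != real:  # only compare text that looks like a URL
            findings.append(f"link shows {shown} but goes to {real}")
    return findings
```

Calling `audit(SAMPLE_SENDER, SAMPLE_BODY)` reports both the one-letter sender swap and the link whose visible text names a different host than its target.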

Do not wait for the dam to come apart before you start patching. Enterprises are notoriously slow at patching their systems. This is particularly true of small-to-medium businesses. If you cannot do this, team up with a managed service provider or managed security service provider. If you are not “patching and praying” on a regular basis, you are committing “sin” and will likely be punished for your misdeeds.

If you can afford it, seriously consider artificial intelligence, machine learning and cognitive computing. We are still early into the widespread commercialization of these offerings, but they are the way of the future. If you identify and stop—or even slow down—an attack before it ruins your day by using any one of these technologies, it is a win for your organization.

Putting all your eggs in one basket means they can all break at once. Sometimes, keeping things apart is a good idea. In our mad rush to connect EVERYTHING, perhaps we overlooked some basics. We really need to ask questions such as: Do I really want the sales department to have the ability to connect to our superadvanced R&D department? Logical and physical segmentation of network and data assets needs to be looked at in more depth as a viable strategy (and remember you can use the cloud in this strategy).  

Sharing is caring. The need for enhanced public/private cooperation will be critical in maintaining a knowledge base to track and counter future ransomware cyber threats. The new NIST Framework in conjunction with the Homeland Security Department's cyber-threat information-sharing program implemented as part of the 2016 Cybersecurity Information Sharing Act is a good basis to encourage more sharing of threat information. And the cybersecurity executive order from May 11 is a good step in the right direction.

Time to have a serious policy discussion on zero-day vulnerabilities and other exploits. Zero-day vulnerabilities and other exploits should be treated like neutron bombs able to run amok. Seriously. Note: We are all patriots first and understand our nation’s military and intelligence agencies require—need—the ability to take advantage of these exploits, but if we are to keep a cache of these weapons in a stockpile, they need to be protected like the launch codes. If one of the vulnerabilities gets out in the wild, patch it up at warp speed.

We offer these practical solutions to you in order to protect and secure what matters most to all of us. We dodged a serious bullet on Friday and by no means are we in the clear. Let this be a lesson to us because, by the time you read this, we may be feeling WannaCry Vol. 2.
