No Wanna – No Cry or the Ways to Prevent Ransomware Attacks

Editor’s note: Dmitry has compiled a quick guide to securing your business from threats drawing on the example of WannaCry malware and listed the precaution measures we take at ScienceSoft to prevent similar attacks. If you want to reveal network security weaknesses and protect your business from malware attacks, consider exploring our offer in vulnerability assessment services.

On May 12, 2017, the WannaCry extortion attack wreaked mayhem at hundreds of thousands of computers in 150 countries. The ransomware, which exploited MS Windows vulnerabilities, was not a specifically targeted malware, so it affected home users, small- and large-scale enterprises and public services throughout the world.

One of the victims was the UK National Health Service (NHS). It suffered the WannaCry cyberhack that made hospitals unable to access their information systems. As a result, a risk of losing and compromising sensitive patients’ data arose.

As Benjamin Franklin put it, “an ounce of prevention is worth a pound of cure”. You never know when an attack may happen again, so let’s look what could have prevented the WannaCry offence and how to protect oneself from similar threats, such as ransomware at workplace and Petya/NotPetya outbreaks.

Don’t stick to the past

Most ransomware exploits vulnerabilities in operating systems. In particular, WannaCry malware uses security gaps in Microsoft Windows OS.

Many computer users are still clinging to Windows XP and Windows 7, refusing to migrate to a modern OS version, and that poses a threat for users’ security. For example, NHS was relying on Windows XP, and that is considered the major reason for NHS hack success.

Sticking to XP puts your cyber security at considerable risk, since Microsoft ceased releasing security updates as well as technical support for this system back in 2014. Although receiving updates, Windows 7 is not secure either due to multiple unpatched vulnerabilities. Almost 98% of WannaCry victims throughout the world were running Windows 7.

Migration to a newer OS with regular security updates will considerably reduce the risk of malware penetration into a network, but you should keep in mind other ways of protection.

Filter web browser traffic

Like most of malware, WannaCry spreads through the web, so experts providing cybersecurity consulting recommend filtering web browser traffic. A common way to monitor http(s) activities in your network is to employ a proxy server. It allows whitelisting desirable IP addresses and blacklisting potentially dangerous ones, for example Tor IP addresses. (Hackers massively employ Tor exit nodes, as Tor enables users to anonymize themselves on the net by separating identification and routing.)

To detect Tor, security specialists use SIEM systems (for monitoring access to Tor addresses) and proxy servers (for blocking access to Tor end points). SIEM and Proxy logs should be correlated with a Tor exit node list. Such lists are published on the internet and are constantly updated. Make sure that your proxy server is fine-tuned to receive the updates on a timely basis.

Check backups

The most secure way to prevent your valuable data from being corrupted is to make backups. As a typical ransomware, WannaCry encrypts files and then deletes them together with shadow copies on the compromised computer. Thus, it’s recommended to keep your backup data on external portable hard drive, CD/DVD/Blue-Ray disks or flash drives, which will enable you to restore all the information after the ransomware is removed from the system.

Use a complex approach

Striving to keep our digital data safe, we are forced into the rat race with constantly evolving ransomware attacks. To take the lead, we need a complex approach to information security. Opting for a modern OS version, patching OS vulnerabilities, filtering web browser traffic and making file backups will strengthen your data protection layer by layer.