What have we learned from WannaCry?
WannaCry has been labelled “the biggest ransomware outbreak in history.” It crippled the NHS, hit international shipper FedEx and is believed to have infected 300,000 machines globally in 150 countries. Russia, Taiwan, Ukraine and India were hardest hit, according to Czech security firm Avast.
It’s estimated that removal of the virus takes a couple of hours. That’s 600,000 hours (although large corporations can remove the virus from multiple machines at the same time) spent removing a virus that could have been prevented in the first place.
What was the attack and how does it work?
WannaCry was delivered via phishing emails, cleverly disguised and worded in order to trick the recipient into opening attachments which then released the malware onto their system.
Once installed, the malicious code is able to gain control of the host machine. It then locks files and encrypts them so that they can no longer be accessed. A window is then displayed, demanding payment in bitcoin in order to regain access.
My machine has WannaCry, what are my options?
Unfortunately, even if the payment is made, there is no guarantee that the malicious code will be removed.
There are various guides on the internet, such as this one, that discuss the steps required to remove the malicious code. Unfortunately, this involves the removal of the files that have been encrypted, and so data is lost.
Why was WannaCry preventable?
What’s frustrating about the WannaCry outbreak is that it was all largely preventable, had more Windows users simply installed the security patch Microsoft released in March (unless, that is, you’re still unfortunate enough to be using Windows XP…).
The moral of the story?
Vulnerabilities in software are discovered on a daily basis and updates are released in order to patch the insecure elements of code. The sad part is that these updates are often ignored by end users, either because they don’t have the time to restart their machine, or perhaps they’re worried that updating a particular application’s code will break their site, resulting in lost time whilst they re-code elements of their site.
WannaCry is a warning as to what can happen if software is not kept up to date. 600,000 hours (the estimated time taken to clean all the globally infected machines) is a lot of time wasted and money lost. If there is an available update for any software that you use, I’d recommend you think about the consequences of not installing it, rather than the effects of installing it.
How can Clook help?
Whilst we can’t help harden your local machine, if you have services with us, all security and patch updates are carried out by ourselves as part of our management service.
We also take daily backups, so in the event of an issue arising you can always recover the previous day’s data.
If you have a cloud or dedicated server with ourselves and you host multiple accounts on the same server, I would recommend that you get in touch with us to discuss CloudLinux and KernelCare.
CloudLinux – improves server stability, density, and security by isolating each tenant and giving them allocated server resources
KernelCare – automated kernel security updates without reboots