Top 5 lessons WannaCry taught us
ITJobCafe


When WannaCry hit the UK's NHS in May 2017, the news sparked discussion and brought awareness of ransomware and cyber security to the general public. Here are the top five facts and lessons from the commentary:

Server Message Block version 1 (SMBv1) is obsolete and vulnerable. 

WannaCry took advantage of a vulnerability in SMBv1 to spread across networks. The protocol has since moved on to SMBv3, and Microsoft has been asking customers to disable SMBv1 for years; disabling it is a prerequisite for any comprehensive, multi-layer security policy on Windows. Systems running Windows 10 were not affected by this particular attack, but an unpatched Windows 10 still contains the underlying SMBv1 flaw (fixed by the MS17-010 update in March 2017), so the exposure persists until the host is patched and SMBv1 is turned off. If any application or device still depends on SMBv1, replacing it is the only real fix; until it is replaced, the dependency should be identified, isolated and restricted so the rest of the network stays safe.
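The audit-then-disable sequence, as an added example that is not part of the original article. It uses Microsoft's own SMB and DISM cmdlets; the audit step exists on Windows 10 / Server 2016 and later, while the registry and sc.exe lines at the end are the documented Windows 7 / Server 2008 R2 equivalents. Run it in an elevated PowerShell session; nothing here is specific to any one site.

```powershell
# Added example, not code from the article. Audit SMBv1 use first, then disable it.

# 1. Record which clients still speak SMBv1 (Windows 10 / Server 2016 and later).
#    Each SMBv1 session is logged as event 3000 in Microsoft-Windows-SMBServer/Audit.
Set-SmbServerConfiguration -AuditSmb1Access $true -Force

# 2. After a few days of auditing, list the offending clients so the dependency
#    (old NAS, printer, legacy app) can be replaced before SMBv1 is removed.
Get-WinEvent -LogName 'Microsoft-Windows-SMBServer/Audit' -ErrorAction SilentlyContinue |
    Where-Object Id -eq 3000 |
    ForEach-Object { $_.Message } |
    Sort-Object -Unique

# 3. Show the current state for the record.
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, EnableSMB2Protocol

# 4. Turn off the SMBv1 server side (immediate, no reboot).
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# 5. Remove the SMB1 component entirely (server and client); a reboot is needed.
#    Client SKUs:
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
#    Server SKUs (2012 R2 and later) instead use:
#    Uninstall-WindowsFeature -Name FS-SMB1

# --- Windows 7 / Server 2008 R2 (no Set-SmbServerConfiguration) ---
# Server side: registry value, then reboot.
# Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
#     -Name SMB1 -Type DWord -Value 0 -Force
# Client side: drop the SMB1 redirector from the workstation dependencies and disable it.
# sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
# sc.exe config mrxsmb10 start= disabled
```

Step 2 is the part most teams skip: disabling SMBv1 blindly breaks whatever still depends on it, and the resulting outage is usually what gets the protocol re-enabled. The audit log tells you what to replace first.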

Worms are back; unpatched networks are at high risk.

WannaCry combines classic and modern malware techniques. It encrypts the files on a computer, replicates over SMB to other unpatched computers on the network, and then encrypts the files on those computers as well, so one infected laptop is enough to seed a whole subnet. Patch-management tools such as LANDESK and Shavlik can keep workstations and servers patched so the worm has nothing to exploit. Investing in application whitelisting and controlling the use of administrative privileges are further ways of reducing the risk.
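A way to verify the patch state the passage depends on, as an added example that is not from the article or from any of the vendors it names. The host list is constructed; the KB numbers are the March 2017 MS17-010 packages for Windows 7 SP1 / Server 2008 R2 (KB4012212 security-only, KB4012215 monthly rollup), and other Windows versions ship the fix under other KBs, so the list must be extended per build. Remote execution assumes WMI (for Get-HotFix) and WinRM (for Invoke-Command) are reachable.

```powershell
# Added example, not code from the article: find hosts missing MS17-010 and
# block inbound SMB on them as a stop-gap until they are patched.

$hosts      = @('ws-finance-01', 'ws-finance-02', 'srv-file-01')   # constructed list
$ms17010Kbs = @('KB4012212', 'KB4012215')                          # Win7 SP1 / 2008 R2; extend per OS

# Caveat: Get-HotFix only proves presence. A host that received a *later* monthly
# rollup also contains the fix but will not list the March KB, so treat "missing"
# as "needs a closer look", not as a confirmed hole.
$report = foreach ($h in $hosts) {
    try {
        $fixes   = Get-HotFix -ComputerName $h -ErrorAction Stop
        $patched = [bool]($fixes | Where-Object { $ms17010Kbs -contains $_.HotFixID })
        [pscustomobject]@{ Host = $h; MS17010 = $patched; Error = $null }
    } catch {
        # Unreachable hosts are reported as unpatched on purpose: unknown is not safe.
        [pscustomobject]@{ Host = $h; MS17010 = $false; Error = $_.Exception.Message }
    }
}
$report | Format-Table -AutoSize

# Stop-gap for hosts that cannot be patched today: the worm needs TCP 445, so block
# it inbound. netsh works on every Windows version involved (the NetSecurity cmdlets
# only exist on Windows 8 / Server 2012 and later).
foreach ($h in ($report | Where-Object { -not $_.MS17010 }).Host) {
    Invoke-Command -ComputerName $h -ScriptBlock {
        netsh advfirewall firewall add rule name="Block inbound SMB (MS17-010 stop-gap)" `
            dir=in action=block protocol=TCP localport=445
    }
}
```

The firewall rule is containment, not a fix: it also breaks legitimate file sharing to that host, which is the point of calling it a stop-gap. Remove it once the patch is confirmed installed.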

Systems running Windows 7 were hit.

Far from using a zero-day, WannaCry spread through a vulnerability in Windows 7 for which Microsoft had issued a patch in March 2017 (MS17-010), two months before the outbreak. Data released by Kaspersky Lab showed that 98 per cent of the affected computers were running some version of Windows 7. A significantly smaller number of Windows XP systems were also affected. Windows XP had been out of support since 2014, and Microsoft issued an emergency patch for it only after most of the damage had already been done.

A malware analysis expert sinkholed WannaCry.

A malware analysis expert examining the WannaCry strain discovered a kill switch in it. Before doing anything else, the sample tries to connect to a long, gibberish-looking domain name; if the connection succeeds, it stops. He found that simply registering that domain slowed the spread of the ransomware. Traffic to the domain can be diverted to a sinkhole (a server environment that captures malicious traffic), which as a side effect produces a list of the machines that executed the sample. The kill switch does not help systems that are already locked, but it buys time to secure the remaining ones.
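The two defender-side uses of the kill switch, as an added example that is not part of the original article: making the domain resolve inside a network with no direct internet access so the sample's check succeeds, and using query logs to find hosts that have already run it. `$killSwitch` is a placeholder, not the real domain; `$sinkhole`, the zone settings and the log lines are constructed. The DNS cmdlets are from Microsoft's DnsServer module and run on an internal Windows DNS server.

```powershell
# Added example, not code from the article.
$killSwitch = 'killswitch.example'   # placeholder for the registered kill-switch domain
$sinkhole   = '10.0.0.50'            # constructed: internal web server answering any GET with 200

# (a) Isolated or egress-filtered networks never resolve the public domain, so the
#     check fails and the sample proceeds. Answer it internally instead.
Add-DnsServerPrimaryZone -Name $killSwitch -ZoneFile "$killSwitch.dns"
Add-DnsServerResourceRecordA -ZoneName $killSwitch -Name '@' -IPv4Address $sinkhole

# Reproduce the check the sample makes from a client: a plain HTTP GET that must succeed.
# The sample's request ignored proxy settings, so the sinkhole must be reachable directly.
try {
    Invoke-WebRequest -Uri "http://$killSwitch/" -UseBasicParsing -TimeoutSec 5 | Out-Null
    'kill switch reachable: sample would exit'
} catch {
    'kill switch unreachable: sample would go on to encrypt and spread'
}

# (b) Detection: any client that looked the domain up has executed the dropper.
#     Constructed query log (time, client, queried name); a real feed would be the
#     DNS server's query log or the sinkhole's web log in the same shape.
$dnsLog = @'
time,client,qname
2017-05-12T11:02:13,10.1.4.21,update.microsoft.com
2017-05-12T11:02:14,10.1.4.21,killswitch.example
2017-05-12T11:03:09,10.1.7.3,killswitch.example
2017-05-12T11:04:44,10.1.4.21,killswitch.example
'@ | ConvertFrom-Csv

$infected = $dnsLog |
    Where-Object { $_.qname -eq $killSwitch } |
    Group-Object client |
    ForEach-Object {
        [pscustomobject]@{
            Client  = $_.Name
            Lookups = $_.Count
            First   = ($_.Group.time | Sort-Object)[0]
        }
    }
$infected | Format-Table -AutoSize
# Expected on the constructed log: 10.1.4.21 (2 lookups) and 10.1.7.3 (1 lookup),
# both of which should be isolated from the network and examined.
```

Two caveats a practitioner should keep in mind: a successful kill-switch check only stops the sample that contains it, and later samples had the check removed, so this is a containment aid rather than a control; and the hosts in the detection list have already run the dropper, so the finding is an incident, not a near miss.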

WannaCry had significant capabilities.

WannaCry prompted users either to pay or to use a 'demo' that unlocked 50 files on the computer, which also told the attacker that the victim was live. Though this is a fairly basic attack, it has takeaways for malware and ransomware writers: future attackers could add a time factor and raise the price every hour. Backing up data regularly (to storage an infected host cannot reach, since a worm that encrypts local drives and reachable shares will encrypt a connected backup as well), keeping software up to date and designing the business network on a zero-trust model are simple practices that keep computers and networks safe from malware attacks.
