On Friday, a massive global ransomware attack (using the ransomware known as WannaCry or Wanna Decryptor) hit thousands of computer networks in over 150 countries. Reports this morning indicate that as workers return to their computers and continue to open phishing emails, the attack is spreading again. (The attack was partially stymied by a twenty-two-year-old hacker in England over the weekend.) The attack forced the National Health Service in England to turn away patients at emergency rooms, affected major companies like FedEx and forced Brazil’s social security system to shut down its network. Russian companies and government agencies were reportedly hit hard as well.
This looks to be the most widespread ransomware attack to date and it is targeting a vulnerability in Microsoft Windows. Microsoft released a patch for this vulnerability in March and has said that it added new protections to its standard anti-virus software on Friday to address the current attack. According to Microsoft, anyone running Windows anti-virus with Windows updates enabled is secure.
Microsoft released the patch for this vulnerability almost two months ago. Every company should have regular vulnerability patching as part of its core cybersecurity management. Even though many companies want to test patches before installing them (which is a good idea), the vulnerabilities this attack exposed in corporate systems after two months reveal simple neglect of the basic best practice of patching.
This vulnerability in Windows was revealed by the hacking group Shadow Brokers, which says it became aware of the vulnerability by hacking the NSA’s trove of application vulnerabilities used in espionage and cyber warfare. Over the weekend, Microsoft’s general counsel added some authority to this claim, saying Microsoft believed the vulnerability was stolen from the NSA and that having this type of information stolen from the government is akin to ‘losing Tomahawk missiles.’
At the end of the day, every business should have regular, managed IT support that follows, at a minimum, simple best practices that include timely vulnerability patching. And in the world of ransomware, they should certainly also have managed data back-up systems in place.