Most anniversaries are celebrated with balloons, flowers, or maybe a nice dinner. This anniversary, not so much. It was a beautiful spring morning in May 2017. Birds were chirping, the sun was shining as I came into work. All was right with the world. Then we started getting word of something called “Wannacry” or “Wannacrypt” and the day just went to, well, you know.
This nasty little ransomware crypto worm started targeting Windows operating systems using an EternalBlue exploit on unpatched machines. Soon Wannacry had infected more than 200,000 computers across 150 countries. Wannacry would encrypt the computer’s files, making them inaccessible unless the user paid a ransom in Bitcoin. The damage from Wannacry is estimated to be in the hundreds of millions of dollars. So yeah, not the kind of anniversary one likes to celebrate.
Why Did It Happen?
Wannacry did not have to spread as quickly as it did. Earlier that year, Microsoft had released a patch that would have drastically slowed the spread of Wannacry. So what happened? Simple: patches are only effective if they are applied. It’s kind of like leaving your front door unlocked. Someone could walk into your house and start eating cookies. “How did you get in here? I have a lock on my door!” you ask. Maybe you should, I don’t know, engage the lock?
As Wannacry continued to infect more and more computers around the world, I sat in on a conference call with several experts in cybersecurity. I’ll never forget the presenter’s opening line. He said, “What is the number one thing you can do to prevent this kind of attack? Stay patched, stay patched, stay patched!” Good advice then. Good advice now. The vast majority of infected machines had not applied the Microsoft patch that had been released months earlier.
Not If But When
Running out-of-date software puts your machines at risk. Case in point: the city of Baltimore fell victim to a cyber attack on May 7th of this year. Hackers used vicious ransomware called RobinHood that makes it impossible to access server data without the encryption key. The city can’t access its files and is unable to access email, process payments to city departments or process real estate transactions. The hackers are demanding about $100,000 in Bitcoin to release the information. At this time, the city of Baltimore is declining to pay the ransom.
Baltimore officials are now faced with the daunting task of rebuilding the IT infrastructure and creating paper processes to conduct city business. Yes, I said paper! Baltimore is not alone. Many other cities and municipalities have faced similar attacks that have caused IT infrastructure and financial damage. The root cause of most of these attacks has been old hardware and out-of-date software. By not keeping your machines patched and up to date, you are essentially leaving your front door unlocked and inviting the bad guys to a party at your house, where they eat everything but the brown M&M’s and then trash the place on the way out. Sounds like fun, right?
What To Do?
I know we’ve talked a lot about patching to prevent malware. Hey, it’s what we do and we do it well. Patching is the first line of defense, but it isn’t the only preventative measure. Installing antivirus software and keeping it up to date, securing your network, running regular scans, using strong passwords, and teaching your people not to click on bright shiny objects or that offer from the prince overseas are all just the tip of the iceberg in securing your environment. It can be dangerous out there in cyberspace. Be safe and stay patched, my friends.