WannaCry Still Threatening Businesses
U.S. aircraft maker Boeing is the latest company hit by the infamous WannaCry malicious software (malware).
Early in the day of March 28, 2018, Mike VanderWel, chief engineer at Boeing Commercial Airplane Production Engineering, sent out a memo informing his colleagues about the WannaCry cyberattack at the company’s North Charleston, South Carolina production plant, The Seattle Timesreported.
VanderWel wrote that the cyberattack was “metastasizing” or spreading out of the company’s North Charleston production plant and could potentially “spread to airplane software”. By evening of March 28th, the company was calling for calm.
“We’ve done a final assessment,” Linda Mills, head of communications for Boeing Commercial Airplanes, said in a statement. “The vulnerability was limited to a few machines. We deployed software patches. There was no interruption to the 777 jet program or any of our programs.”
What Is WannaCry
WannaCry is a malware that wreaked havoc to hundreds of thousands of computers worldwide in May 2017. This malware locks out computer users by encrypting all the files on the computer and asks users for ransom payment for the files to be decrypted or unlocked.
Because it’s asking for ransom payment, WannaCry was initially labeled as a ransomware. A typical ransomware restricts access to a computer until a ransom is paid. WannaCry is, however, not your typical ransomware.
Even if an organization pays ransom to the attackers, the attackers themselves won’t be able to unlock computers infected by WannaCry as the code of this malware is written in such a way that even the attackers themselves can’t determine who paid ransom and who didn’t, making unlocking of files impossible.
The purpose, therefore, of WannaCry isn’t for profit but simply to unleash destruction, that is, destroy the digital files of an organization.
WannaCry though isn’t the only labeled ransomware that acts as a destructive malware. Many victims of ransomware attacks were unable to recover their files despite paying ransom. Ransom payment, therefore, doesn’t guarantee that files will be unlocked.
WannaCry particularly targets the security vulnerability in Windows operating systems, allowing remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (a means by which computers on a network can share access to files, printers and other network resources).
The operating systems particularly targeted by WannaCry are Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2 and Windows Server 2016 that haven’t installed the patch or security update released by Microsoft on March 14, 2017.
This malware also targeted these 3 Windows operating systems: Windows XP, Windows 8 and Windows Server 2003 – operating systems that Microsoft no longer issued security updates at the time of the attack. As a response to the May 2017 WannaCry attack, Microsoft released security updates meant to fix the security vulnerability exploited by WannaCry for these 3 originally unsupported operating systems.
The Seattle Times reported that aside from Boeing, other businesses were hit by WannaCry even after the May 2017 worldwide attack. The report cited one production plant was down for 24 hours and another for 96 hours. In these two instances, files were lost and before the production could restart, the operating systems have to be reinstalled from scratch.
Why WannaCry Is Still a Threat to Businesses
Here are some of the reasons why WannaCry still remains a threat to businesses:
- Worm-Like Ability
WannaCry malware has a worm-like ability. It has the ability to spread itself within network of computers without the need of human intervention. Once a single computer in your organization is infected by WannaCry, the infection will spread to other computers connected to your organization’s network.
- Difficulty in Patching
Even as Microsoft has issued a security update or a patch fixing the security vulnerability exploited by WannaCry, many businesses still haven’t patched their Windows operating system. Here are some of the reasons why businesses don’t patch their software:
- Too Many Updates
Cyberattackers are always on the lookout for security vulnerabilities. In the same manner, software vendors are always on the lookout to fix known security vulnerabilities. As such, security updates are released a number of times in a year.
- Fear of System Malfunction
Many businesses don’t update their server operating system for fear that this would break their critical custom-built software applications.
- Some Computers Can’t Be Patched
There are computers that can’t be updated. An example of a computer that can’t be updated is one that’s too old that the computer vendor has abandoned the release of software updates.
Cybersecurity Measures against WannaCry
Here are 5 cybersecurity measures to protect your organization’s network from WannaCry attack:
- Keep All Software Up-to-Date
Patching or installing the latest security update of all your organization’s software can minimize the entry points of malware like WannaCry.
- Backup Critical Data
The importance of backing up critical data can’t be overstated. Data can be lost not just through cyberattacks, but also via human error or ill-intention and via wrath of nature such as a hurricane. A backup will ensure that even if these untoward incidents will happen, your organization can restart again using the backup data.
- Apply Multi-Layered Security Defenses
In addition to keeping your software up-to-date and backing up data, it’s best to use multi-layered security defenses to your organization’s network. These multi-layered defenses at a minimum include an antivirus software, plus other security solutions like an email security solution that would scan suspicious email attachments.
- Isolate or Retire Certain Computers
Some computers can’t simply be patched or updated with the latest software. If this is the case, minimize WannaCry attack or other cyberattacks by isolating or retiring these computers.
At GenX, we offer cybersecurity services that’ll protect your organization from WannaCry and other cyber threats and attacks.