An exclusive interview with Montez Fitzpatrick, Director of Information Security and Compliance for Keystone Technologies.
Over the weekend, the WannaCry ransomware attack was reported widely in the media to have affected more than 200,000 computers in over 150 countries. Despite the breadth of the attack, only $50,000 in bitcoin payments have been made as of Monday morning (5/15/2017). Infected organizations were asked to pay $300 to decrypt their files, rising to $600 after 72 hours.
Ransomware attacks have been on the rise. According to a U.S. government interagency report released in 2016, there have been 4,000 daily ransomware attacks since early 2016, a 300% increase over the 2015 rate of 1,000 daily reported attacks.
For answers and tips to prevent a WannaCry attack, MPA interviewed Montez Fitzpatrick, the Director of Information Security and Compliance for Keystone Technologies.
WannaCry has been described as ransomware. What is ransomware?
Simply put, ransomware is a malicious application or program. Once ransomware infects the victim's computer, the overarching goal is removing access to files. Those files tend to be documents, pictures, videos and other commonly used file types.
How does a computer or network get “infected?”
Good question. As of right now, it is always a computer that becomes infected. We have not seen widespread infections which target network devices. The industry term for how a computer gets infected is called a 'vector.' The most common vector is still through an unsolicited e-mail message.
Sending out these e-mails with the hopes that an individual will click and execute the malicious application is called 'phishing.' Each iteration of phishing attempts is called a 'campaign.' Large campaigns tend to be covered in news-media hype cycles, which make it seem that ransomware comes in waves. That is false; ransomware campaigns never stop.
Why is this attack so widespread?
WannaCry variants have some specific worm components, which are very sophisticated, that exploit weaknesses in older protocols on Windows computers. A portion of those sophisticated components was likely part of the National Security Agency's Tailored Access Operations division. Somehow the NSA lost control of the source code which makes WannaCry variants possible. The hackers who stole the source code published it online.
What are the basic steps that should be taken to reduce exposure to the WannaCry attack?
Microsoft issued a patch for supported operating systems back in March. In a somewhat unprecedented move, they issued a patch for Windows XP, Windows 8 and Windows Server 2003 last Friday. It is unprecedented as those operating systems are no longer officially supported.
What can be done to reduce exposure to future ransomware attacks?
It is not so simple. But healthy doses of security awareness, least privilege practices and good backup strategies go a long way. Each person should create their own "personal mental baseline." Be wary of e-mails and attachments from unknown sources. If someone you know sends you an e-mail which is uncharacteristic or atypical of the types of messages this person is known to send, reach out to that person via another channel, such as by phone, to verify the authenticity of that e-mail.
In 2016, the OCR published a Fact Sheet to assist covered entities and business associates in preventing and responding to ransomware attacks.
How to Protect Your Networks from Ransomware
Ransomware – What It Is and What to Do About It