Business continuity, Networking, Storage

Global WannaCry, WannaCrypt Ransomware Cyberattack: 5 Prevention Steps, 3 Recovery Steps

The global cybersecurity attack involving WannaCry / WannaCrypt ransomware, unleashed about 24 hours ago, continues to cripple thousands of Microsoft Windows-based computers worldwide. But it didn't have to be this way. Business, government and IT leaders could have taken five steps to avoid or at least greatly mitigate the damage.

They include:

1. Windows XP Migrations: Microsoft ended Windows XP support in April 2014. At the time, the company clearly stated it would no longer release security fixes and patches for Windows XP -- which originally launched in October 2001. Fast forward to present day, and the global cybersecurity attack infected some healthcare IT systems running Windows XP in the United Kingdom, The New York Times reports. Amid the current attacks, Microsoft has actually released three emergency patches for Windows XP, Windows 8 and Windows Server 2003.

2. Windows 10 Patch: Microsoft released a Windows 10 patch in March 2017 that closed an exploit that hackers are using for the current May 2017 attacks. But apparently, thousands of businesses, government organizations and IT managers failed to apply the patch ahead of the attacks.

3. Budget Properly: When it comes to choosing security tools and technologies, most SMB organizations make price their top consideration, according to a recent VIPRE survey. More than 70 percent of SMB IT managers say budget considerations have forced them to compromise on security features when purchasing endpoint security. Those price considerations belong in a broader discussion about IT budgeting. For instance, Britain's National Health Service suffered attacks this week -- yet failed to renew a support contract with Microsoft more than two years ago. In theory, that contract would have ensured NHS's systems were properly patched.

Scott Kinka
Evolve IP's Scott Kinka

4. Business Continuity, Backup and Security: Although Ransomware is a nasty problem, there are three basic steps companies can take to recover, according to Evolve IP CTO Scott Kinka.

  • Step 1: Disconnect from the network and stop backing data up immediately
  • Step 2: Remove ransomware and clean computers of malicious software
  • Step 3: Restore from the most recent clean backup

More broadly, ransomware mitigation should be part of an overall business continuity plan. In terms of technology, companies and partners should seek to connect the dots between IT security, backup, disaster recovery and business continuity. Several vendors (particularly Barracuda Networks and Datto) are connecting the dots between their backup and security offerings.

5. Hold NSA Accountable?: The conversation will likely shift from technology to politics over the next few days. The cyberattacks were based on knowledge and tools originally developed by the United States' National Security Agency. No doubt, the debate about U.S.-funded cyberhacking tools is set to intensify.

Without necessarily referring to the NSA's work, Intermedia VP Ryan Barrett noted that ransomware continues to evolve at "dangerously fast speeds." He added: "The next attack could target government institutions and incite cyber warfare." Added Andrew Bagrin, CEO of MyDigitalShield: "The well-funded (by us) malware/ransomware chefs are cooking up a storm, bringing together all the great ingredients that make us all want to cry."

6. Bonus Part I -  Wash, Rinse, Repeat: Let's face it. Businesses spend billions of dollars on IT security each year. But fallout from yesterday's attacks shows that most of us are still failing miserably at the basics. Secure Designs Inc. CTO Ron Culler sums up the situation pretty darn concisely: "Yesterday's attack could have been lessened or even prevented had the systems been patched and users been educated. Technology is a tool, and as with any tool to use it correctly you need education and practice."

7. Bonus Part II - How to Safeguard Customer Assets: Time for MSPs, VARs, partners and businesses to take a firm stand and truly safeguard customer assets. To learn how, stay tuned for ChannelE2E's next major move -- coming May 23. Ask Amy Katz ([email protected]) for details...

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.