It is a fact. WannaCry lives in our midst and is still a major threat to companies and organizations. Learn how to protect yourself effectively.
WannaCry, also known as WannaCrypt, first appeared in May 2017, when it hit a large number of high-profile targets around the world. Some of the first major attacks, on 12 May, targeted the UK National Healthcare System, the transport company FedEx and the Spanish mobile telephony service Telefonica.
The ransomware managed to cause chaos by exploiting a significant Windows vulnerability, allowing attackers to access systems, encrypt data, and demand steep ransom payments to decrypt and recover that data.
After two years, WannaCry is still a threat. As experts now warn, a significant number of companies and organizations are still vulnerable to WannaCry because they run older computer systems, the result of a lack of security investment and a general lack of security skills.
As researcher Andrew Morrison points out, "WannaCry is clearly a threat to a large number of unsupervised systems. Malicious agents can now easily detect unsupported systems and direct WannaCry to conduct targeted attacks."
But this is not new. In fact, WannaCry used the same system as its predecessor, NotPetya. The actual toolkit that was used, stolen from the NSA, continues to pose a threat through the creation of new variants of the attack. "While the patches that have been released are successfully experiencing the NSA and WannaCry toolkits, their use of new vulnerabilities is still a threat. Users believe they are safe because they did patch what they saw, but the threat evolved using the same set of tools and it can hit again."
In particular, based on data obtained from Shodan, there are more than 400,000 devices in the US that are still vulnerable to WannaCry. Systems primarily used in construction and industrial control systems are at particular risk, as many of them run on older versions of Windows (or, in general, run on Windows, which certainly strengthens the threat). Companies are reluctant to proceed with system updates because the process may interfere with production capabilities.
What should companies do about it?
To remain a step ahead of the threat, organizations should audit their systems to bring vulnerable ones up to date, and then look for tools and policies that make this practice more effective. A good example is moving toward stronger automation of update procedures.
The second part is recovery procedures. Organizations are trying to prepare their systems, data and business processes to withstand attacks through "air-gapped" recovery solutions, so that they have an entry point that is clean and unaffected by threats.
The basic concept of an air gap model is simple. If the data cannot be accessed, then it cannot be infected or destroyed. A simple implementation of this model typically involves keeping data backups in a storage system that is offline and therefore cannot be connected to any public network.
This ensures that there are no vulnerabilities to exploit, and the data remains secure because malware cannot propagate to it, which allows safe storage of critical data and, if needed, system recovery without loss.