On the morning of May 12th, employees working at companies such as Britain’s National Health Care Service and Spain’s Telefonica got a nasty surprise when they logged into their computers: a ransom note. And they were not alone. Within the next few days, security experts determined that over 230,000 computers in over 150 countries had been hit with the WannaCry ransomware cryptoworm. WannaCry spread across the internet infecting computers running older versions of Microsoft Windows.
Since then, a researcher found a “kill switch” in the worm’s code. By simply registering a domain, he was able to slow down the attack. The group over at Security Intelligence has done a masterful job at following the attack. They are updating their findings on their website.
After the initial shock of the attack wore off, companies were left to deal with the fallout. And that’s what I’d like to discuss today. I’ll look at the current state of IT since the attack as well as some of the changes I expect to happen in the wake of this event.
The Patch Management Conundrum
WannaCry initially hit a number of large companies. That actually helped drive recognition of the attack, but also brought into question why so many computers were running without the latest Windows security patches. So how is it possible that established companies are running on unpatched systems?
There’s no simple answer to this question, but I have a few ideas that might help us understand why larger companies suffered the most. First, many IT administrators use group policies that control not only when, but which patches Windows can install. Some might wonder why IT wouldn’t just default to installing every security patch that Microsoft makes available. The fact is that some patches aren’t compatible with company applications. IT generally wants to test each patch on a small number of machines before rolling out updates to the entire company. This is usually a smart approach to patch management, but it’s a flaw that WannaCry was able to exploit with great success.
Microsoft has aggressively marketed Windows 10 to consumers and business customers. They even made it free or nearly free for a limited time. But not all hardware can run the latest version of Windows. That’s one explanation why most computers that were hit by the attack were running Windows 7. A much smaller number were running Windows XP or Windows Server 2003.
One thing we know for certain is that attacks like these actually sell a lot of Windows licenses as companies retire old hardware and upgrade to new computers. I’m sure the tech savvy will claim the attacks will speed the move to Linux, but that claim is full of assumptions. A lot of business software requires Windows, which makes migrating to another platform expensive and time-consuming. The fact remains that if your company is running older versions of Windows that Microsoft no longer supports, you’re in a vulnerable position.
The Cloud Consultant’s Role
The consultant’s role in the wake of attacks is an interesting one. This can be a time when companies will listen to your advice because they don’t want to be the next victim. Or maybe this is a good time to retire that older hardware and move to new PCs. Or move some employees to a DaaS or VDI solution. The cloud mitigates some of the risk, but not all. It’s still too early to tell, but I expect cloud providers to use WannaCry as a reason to move more computing to the cloud. Consultants should have a good idea of where that makes sense and where it doesn’t.
No matter what you do, this is your time to shine. While some consultants will jack up their prices to take advantage of the situation, you can be the calm, level-headed voice. This is also a great time to push for better security practices and end-user education. Those often make for a tough sell during calm times.
Ransomware Is Modern Warfare
The operating system has become a kind of public utility in the same way roads, the post office and schools are used by us all. Shutting down a highway or the post office will have massive negative effects on society. The same goes for the operating system. Some would also put Google’s search engine into the same discussion, and I’d agree with them. Roads and schools must be maintained in order to be safe and effective. And so do operating systems.
The bad news is that operating systems are proliferating at a record clip. They aren’t just for desktops, laptops and phones. Today our watches, thermostats, security systems and our appliances require an operating system. That makes for incredibly powerful devices. But it also raises the risk that hackers could use them for harm.
We’ve already witnessed nations turning to cyber-warfare to disrupt their enemies or gain a political advantage. The Stuxnet worm was one of the first widely known worms that targeted Iran’s nuclear program. And recently, someone hacked into the email servers belonging to the Republican and Democratic parties in the United States.
It’s clear that deploying cyber-weapons on an enemy can do as much damage as bombs and missiles. Imagine a criminal getting into the water treatment center or transportation hub of a city the size of New York. Or the mayhem one could cause by taking over the air traffic control system. It’s a scary thought.
The Need For Better Backups
As of a couple of days ago, those who created WannaCry have collected about $70,000 in ransom payments. That’s not a large amount given the number of infected computers. But it does speak to the fact that some victims felt they had no other choice than to pay the ransom. That’s unfortunate.
I’m not placing blame because I’d probably pony up the $300 if that were my only option. And yet this just underlines the need for every individual and company to have a solid backup plan. Having a product like StorageCraft ShadowProtect SPX in place gives you the option to roll back to a clean image. It even allows you to spin up images from the cloud to minimize downtime.
Taking a full system backup is a great solution for those who need to minimize downtime. At the very least, you need to back up your most critical files to an on-prem file share or cloud service. The sad fact of the matter is that those companies running older versions of Windows are the least likely to have a backup plan.
If you’re an IT consultant, now is the time to help your clients understand the importance of backups. WannaCry provides a real-world example for you to share with them. If anything good can come from the attack, WannaCry may help spur the replacement of out-of-date computers running unpatched software.
Conclusion: WannaCry Is Just the Beginning
As much damage as WannaCry caused, the reality is that it could have been much worse. A quick-thinking engineer took action that slowed the worm, and may have stopped it from spreading on to tens or hundreds of thousands of computers. We are already starting to see copycat versions of WannaCry show up around the world. And yet we rely on Microsoft to keep our computers and networks safe. Even the best operating systems have bugs and exploits. Installing the latest patches absolutely helps, and would have stopped WannaCry in its tracks.
Your best defense is to run a modern operating system on modern hardware whenever you can. It’s just not feasible to believe you can segregate older systems, and keep them off the network. There is no reason to be running Windows XP anymore. We are too connected for that to be a policy anymore.
Keep your computers patched. But have a backup plan in place. Educate your users whenever possible. And expect more attacks. This is the world we live in today.