Are you prepared to manage a Ransomware Attack?

ransomware cybersecurity attacks

In the wake of WannaCry Ransomware attack which has plagued the world since Friday, we want to remind companies about the best course of action to prevent themselves from attack.

Cybersecurity Brain has put together 5 questions you need to ask yourself in order to better help you prevent attacks like this in the future

ransomware

About WannaCry

A vulnerability in a Microsoft systems hitting 150 countries and affecting over 75,000 machines. The exploit was discovered last Friday by a malware analysis expert who calls himself MalwareTech. The origins are still unknown (possible links to North Korea) but the Kill Switch is available online. It is recommended that you patch your systems immediately to prevent further exploit of your network. Over $70K USD has been paid out already by companies who have been locked out of their systems. Some high profile victims of Fridays attack are; National Health Service in the UK, Spain’s Telefónica, FedEx, Russian Govt, as well as some Canadian companies including Saskatchewan Government, and Lakeridge Health in Ontario

 

5 questions you need to ask yourself

1. Do you have a contingency plan in place?

 

2. Are your employees trained to deal with it?

  • Has your Security team been trained to prevent these types of attacks?
  • Are they aware of the necessary action steps?
  • CSB recommends you up-skill staff on the latest threats. Seek expert help from your local Cybersecurity reseller, ask them for a half day informational workshop.

 

3. Are your most important assets are secure?

  • Where is your IP? Where on the network? Can it be locked down?
  • CSB recommends that you do an asset review on all  servers, machines, and business critical applications to ensure they are locked down and secure.

 

4. Are you confident your network is secure?

  • When was the last time your network and systems were audited?
  • When was the last time you had a internal/external vulnerability scan?
  • Do you servers and systems have the latest patches? Do you have a patch management system in place for company servers and apps?
  • CSB recommends that you get a penetration test by a 3rd party Security testing company

 

5. Do you have Policies and Procedures?

  • Is there a formal process in place for prevention, management, alert of cyberattacks? Does your company have ongoing education for employees in Cybersecurity. Are you employees update date with the Threat Landscape?
  • How are you educating yourself or your team? Internal processes, policies, awareness training, etc.
  • Completing the industries best certifications tracks can help by guiding the adoption of formal structures for tackling cyber attacks
  • CSB recommends that employees achieve basic certification status, and that management builds a roadmap for execution on continuous development of Security teams

 

ransomware workshop


Ransomware : How it works

Ransomware attacks encrypt documents such as photos, videos, spreadsheets and presentations. This attack held users hostage by freezing their computers, popping up a red screen with the words, “Oops, your files have been encrypted!” and demanding money in the form of an online bitcoin payment — $300 at first, possibly rising to $600 before it destroys files.

While phishing schemes that encourage users to open infected attachments often play a part in the spread of ransomware, the jury is still out in this case. It seems worm-like processes in which a tainted computer scans other computers in a network have helped increase the damage.

WannaCry exploited a vulnerability in Microsoft operating systems. Microsoft released a patch in March for more recent versions of Windows, but those who didn’t update, or those running versions older versions of Windows no longer actively supported, remained vulnerable.

The company issued a new patch for older Windows versions on May 12 after reports emerged of the far-ranging WannaCry attack, an unusual step. As a result Windows versions from XP onwards now have patches — though they must be applied for the protection to work.

wanncry

Should local Canadian Companies be afraid

A study published last year indicated Canadian firms targeted by ransomware attacks were more likely than companies in other countries to pay to unlock files.

Seventy-five per cent paid the ransom when targeted before, or instead of, contacting authorities or cybersecurity firms for assistance, compared with the global average of 40 per cent, according to a study sponsored by cybersecurity firm Malwarebytes and conducted by Osterman Research.

The Canadian Govt Public Safety has issued the following guidelines in a bid to help Canadian companies solve the problem.

 

Suggested Action

→ Update systems to latest version or patch as reported by Microsoft – https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

→ For systems without support or patch is recommended to isolate from the network or turn off as appropriate.

→ Isolate communication to ports 137 and 138 UDP and ports 139 and 445 TCP in organizations’ networks.

→ Discover which systems, within your network, can be susceptible to attack through the vulnerability of Windows, in which case, can be isolated, updated and / or shut down.

 

Information Workshops

Our 1 Day Security Essentials course is designed to teach attendees the fundamentals of CyberSecurity. Utilising a series of scenarios and case studies, this hands-on course will give attendees an introductory look at the everyday challenges facing today’s IT Security professionals, covering many topics.

CyberSecurity Brains Executive Training workshops are designed to help create awareness of todays security risks, the responsibilities of the organization and to help build a business case for Security budget and spend. With the growing sophistication of todays cybercriminals, the threat of a security breach is now greater than ever –Ransomware etc. To keep your organization protected, a ‘Security Aware’ culture is needed and can only be created by getting top down buy in from across your organization.

Contact us at enquiry@cybersecuritybrain.ca if you would like to set up a briefing session with one of our Cybersecurity Experts.

Also Read: Canada. Meet Your New CyberSecurity Teacher

 

About CSB:

CyberSecurity Brain’s mission is to Educated Tomorrow’s IT Security Leaders. CyberSecurity Brain is enabling the CyberSecurity professionals of tomorrow by providing high quality classroom-based IT Security training courses. We believe that the combination of quality instructors and comfortable facilities with easy to follow and focused course material is the key to passing exams and obtaining certification.

Thanks for reading our article on Ransomware. Contact us today to see if we can help train your staff on how to combat Ransomware attacks.

 

References:

Microsoft: Customer Guidance for WannaCrypt attacks

Microsoft Security Bulletin MS17-010 – Critical

Microsoft Malware Protection Centre