Skip to content

How to Protect Yourself from Ransomware like WannaCry

The WannaCry Ransom Attack

Earlier this month, hackers exploited a vulnerability in older Microsoft Windows servers to execute a global cyberattack using ransomware — a malicious software that holds your computer’s files hostage for ransom—as well as EternalBlue, a hacking tool stolen from the U.S. National Security Agency (NSA). EternalBlue is a network tool that can automatically spread itself across the Internet, scanning for vulnerable systems as it goes. The attackers used this tool to primarily target older Windows systems (including XP, Win 8, Win Server 2003) which were no longer being supported with security patches, but many new Windows machines were also affected.

This massive attack known as WannaCry completely locked victims out of their PCs. Victims then received ransom messages from the attackers that promised to restore each owner’s access if the owner paid $300 in the digital currency Bitcoin. If an owner refused to pay, the attackers threatened to destroy that owner’s files. The attack was reported to have infected more than 230,000 computers in over 150 countries, including 40 National Health Service trusts in the UK. While the initial attack has been contained, experts worry that the next wave of ransomware attacks could be even worse. Is your organization ready?

In this post, I will lay out common sense steps that organizations should take to protect themselves, as well as strategic security principles to guide you going forward.

What You Need to Do Right Now about WannaCry

If the worst has happened, and you had your data stolen by WannaCry attackers, there are now free tools available to help you decrypt your locked data (such as the EaseUs tool found here). If you have not already taken action to secure your systems from the existing WannaCry cryptoworm, here are the specific steps you should take:

  1. Apply the Microsoft patch for the MS17-010 SMB vulnerability.
  2. Perform a detailed vulnerability scan of all systems on your network and apply missing patches immediately.
  3. Limit traffic from/to ports 139 and 445 to internal network only. Monitor traffic to these ports for unusual behavior.
  4. Enable strong spam filters to prevent phishing e-mails from reaching end users, and authenticate in-bound e-mail using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent email spoofing.
  5. Scan all incoming and outgoing e-mails to detect threats and filter executable files from reaching your end users.
  6. Ensure anti-virus and anti-malware solutions are set to automatically conduct regular scans. I recommend Norton and Sophos.
  7. Manage the use of privileged accounts. Implement the principle of least privilege—no users should be assigned administrative access unless absolutely needed, and those with a need for administrator accounts should only use them when necessary. Configure access controls (including file, directory, and network share permissions) with the principle of least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares.
  8. Disable macro scripts from Microsoft Office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full Office suite applications.

The Long-Term Implications of WannaCry and Ransomware

While the aforementioned steps will help protect your systems from ransomware and other malware attacks, we do not know what the next major attack will look like. Even the latest patches and security products will only block old and known variants of malware like Wanna—and new variants appear all the time. Making matters worse, some variants of ransomware can enter your systems via your RAM or firmware in order to avoid antivirus detection. This in mind, here are strategic best practices to keep your organization safe.

Back Up Your Data

Having reliable backups is essential for business continuity, especially if you work with PHI or other sensitive healthcare data. In some ransomware attacks, criminals will delete your files even if you pay their ransom. Reliable backups will also protect you from nonsecurity disruptions like unexpected damage to a data center.  

As you back up your data, be sure to create frequent backups to several disconnected servers; this will protect you from malware that spreads across networks. It is also important to regularly test the integrity of your backup data to ensure it will meet your needs after you restore it. Finally, I recommend you set up an enterprise endpoint backup tool to protect individual user data on their laptops and workstations.

Identify Sensitive Systems and Potential Vulnerabilities

You might not be able to predict the next major attack, but you can prepare your systems by finding and protecting potential weak spots. For example, identify any of your users’ storage locations that are inherently vulnerable, such as file shares. It is also important to monitor the integrity of your module, as this has become a popular attack surface for cyber criminals.

As you examine how data flows throughout your network, be sure to evaluate the potential business impact of that data being stolen or encrypted by a cyberattack. If certain data or systems are especially critical to your business, adjust your recovery point objectives to back up these systems more frequently.

Have a Dedicated Security Team

As your organization grows, the stakes of your information security will continue to elevate. The best way to stay ahead of cyberattacks is to create a dedicated security team ready to manage any crisis you face. Ideally, this team would include an applications expert, a network security engineer, and an analyst who can keep up with the latest data security trends.

Once you have this team in place, it is also smart to align this information security team with your IT disaster recovery team and network team in order to develop a cross-department plan to respond to security incidents like the WannaCry attack. This cross-department plan should focus on making you resilient to attacks, not just preventing them altogether.

Get Smart on Ransomware with the Latest Security Information

Now that Verizon has released their yearly Data Breach Investigations Report, we have a host of new information about security breaches that could lead to your data being compromised. However, this lengthy report is only one part of the information security puzzle. In my upcoming webinar on July 12, I will discuss the long term implications of the WannaCry attack as well as best practices to help your organization protect itself from ransomware and other cyberattacks.

Learning from WannaCry – The Long-Term Implications

  • Presenter : Ulf Mattsson, CTO Atlantic BT Security
  • Duration : 60 min
  • Date & Time : July 12 2017 12:00 pm EST

UPDATE: Watch my other recorded webinar on Learning from Verizon 2017 Data Breach Investigations Report

Get Help From The Experts – Have Your Cybersecurity Evaluated Today

The Atlantic BT Manifesto

The Ultimate Guide To Planning A Complex Web Project


Atlantic BT's Insights

We’re sharing the latest concepts in tech, design, and software development. Learn more about our findings.

Questions & Answers

What is the best web development framework?
Many people commonly ask “what is a framework in web development?” Web development frameworks can easily be confused with web development tools, languages, or parts of the web development stack (like .NET, PHP, JavaScript, or Ruby).
Learn More about What is the best web development framework?
What is the best programming language for web development?
If there was one “best” programming language, then everything else would be obsolete. The reality is that there are so many different programming languages because there is no “best” language for any situation.
Learn More about What is the best programming language for web development?
How much does web development cost?
Web development can vary from a few hundred to millions of dollars depending on what is needed. You may simply need some changes to something that already exists, or you'd like to build a large or complex application.
Learn More about How much does web development cost?
What is front end vs. back end development?
As web development evolved, it separated into logical specialization: front end web development and back end development. While back end development involves the server-side development, front end is the final rendering.
Learn More about What is front end vs. back end development?
What is full stack web development?
Full stack web development as a term evolved due to the separation of roles between front end and back end developers. A “full stack” developer is a developer that can work in both front end and back end technologies.
Learn More about What is full stack web development?
Can I migrate from my custom application to a SaaS offering?
This can’t be definitively answered in a short Q&A but it’s absolutely possible with the right migration plan.
Learn More about Can I migrate from my custom application to a SaaS offering?
What language should I use to write my custom web application?
We recommend sticking to .NET, JavaScript, PHP, Python, and Go. These languages have strong support communities and widely-used libraries.
Learn More about What language should I use to write my custom web application?