Last Updated on August 29, 2017
It’s been almost four months since the infamous WannaCry ransomware cryptoworm swept the planet in mid-May 2017, infecting over 300,000 systems in companies of all sizes, from hospitals to manufacturers, and it’s been about two months since the Petya ransomware attack caused millions of dollars worth of damage.
It’s also been almost six months since the Microsoft WannaCry patch was issued (security bulletin MS17-010) for the exploited vulnerability in Windows’ server Message Block (SMB) protocol. Shortly after WannaCry’s emergence, Microsoft also released emergency security patches for Windows XP and Windows 2003, making it possible to protect virtually every Windows system out there.
But while most organizations have patched most of their systems, WannaCry (also known as WCrypt) is still “on the loose” and many, many systems remain unprotected. For example, LG Electronics shut down some parts of its network for two days in mid-August, after WannaCry was found on an LG self-service kiosk in South Korea. Fortunately, LG reported that no data was lost and no ransom paid.
But why hadn’t LG patched its network of unmanned reception terminals prior to the recent attack?
One in Ten Windows Systems Are Still Unpatched
What we’re seeing in our vulnerability assessments is perhaps one in ten Windows systems are still unpatched in many environments. That’s a lot of systems, as well as a lot of data on physical and network drives, that are ripe for ransoming.
Have you scanned your environment and verified all your systems are patched?
WannaCry was able to spread quickly and successfully, which is why hackers have reconstituted various aspects of it into new versions. According to Symantec’s 2017 Internet Threat Report, ransomware is the fastest growing form of cybercrime, with a 36% increase in attacks worldwide in just one year.
Indeed, the high-profile Petya ransomware cyberattack occurred only about two months after WannaCry. While many victims were in Eastern Europe, Petya impacted businesses globally. In particular, the Danish transport giant Maersk acknowledges the attack will cost it about $300 million in lost revenue.
Prevent Ransomware Exploits By Patching Your Systems and Backing Up Your Data
WannaCry is still active on the Internet, as is Petya and countless other exploits. You should take these immediate steps to prevent this malware from encrypting your data. The most critically important preventive step, by far, is to patch your systems and keep them up-to-date. That way you’re protected if someone clicks a link in a malicious email or opens an infected document.
Besides patching your Windows systems, the next most effective way to reduce your risk from ransomware is to backup your data, and store the backups offline so malware can’t encrypt or otherwise damage them.
To get help with finding and fixing vulnerabilities in your environment, educating staff about staying safe from ransomware, and generally boosting your organization’s resistance to ransomware and other malware, contact Pivot Point Security.