3 Lessons Learned from the Summer of Ransomware

Don’t Let History Repeat Itself

Those who don’t learn from the past are sure to repeat it. As we enter August, it’s a perfect time to reflect on lessons learned from the biggest global security threats of the summer.

There are vital security protections that organizations should have in place to reduce risk and protect against the next disaster. After experiencing this summer’s storm of events, it’s important to evaluate your patch strategy and ensure the safety of your company.

The WannaCry attack in May affected computers in 12 countries, including systems at the NHS. In June, a South Korean hosting company paid out $1 million USD in bitcoin, the largest sum ever, after being infected by the Erebus malware. Most recently, the NotPetya ransomware was spread via forced automatic updates, affecting global businesses.

Below are tips to ensure your organization doesn’t become an IT security cautionary tale this summer.

1. Don’t Count on a Kill Switch

Before the WannaCry kill switch was discovered by accident, the ransomware had already infected tens of thousands of computers across the world, shutting down vital systems used by the NHS in the UK.

Don’t rely on a kill switch to save the day in future attacks, though: most ransomware doesn’t have one. New variants of WannaCry that ignore the kill switch are still being released.

WannaCry exploits weaknesses in Microsoft operating systems that were originally identified by the NSA. Microsoft patched these weaknesses in March 2017, and organizations using tools like Syxsense, Windows Update or other patching solutions should already be protected by having deployed MS17-010.

2. Don’t Count on Auto Updates

A set-it-and-forget-it mentality toward IT security is appealing; however, it rarely works out in the IT manager’s favor. NotPetya has highlighted the danger of relying on auto updates to secure your operating systems and third-party applications. Security experts say accounting program provider MeDoc was breached and the NotPetya ransomware was spread via forced automatic updates. The attack has so far been detected in Poland, Italy, Germany, France, the US, the UK, Russia, and Ukraine.

Syxsense has always recommended disabling auto updates in apps and OS to allow you to properly test, pilot and control distribution of updates.

3. Patch in a Timely Manner

Patch management should never be delayed. The vast majority of security events exploit vulnerabilities that have already been addressed. In the case of WannaCry, Microsoft had released an update that addressed the vulnerability two months prior to the worldwide attack.

By putting off patching, you leave your environment completely vulnerable to exploits and ransomware. Always be prepared for doomsday by patching consistently and efficiently.

Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser.