Don’t cry over data loss as a result of WannaCry if you could have prevented it
This article has been supplied as a media statement and is not written by Creamer Media. It may be available only for a limited time on this website.
- Security practitioners the world over should take a stern reality check after WannaCry ransomware hits the globe
The WannaCry ransomware cyber attack orchestrated over the weekend of the 12th of May should act as a stark reminder to companies that data backups need to be done regularly, that security solutions have to remain up to date and that user education is still a vital component of every security policy.
This is according to Andrew Potgieter, Security Solutions Director at Westcon-Comstor Southern Africa, who adds that even more unnerving is that “kits” to put together attacks of this nature are readily available for download on the Internet and doesn’t require a group of elite hactivists to run.
“Ransomware encrypts the data in your data centre (storage) or on personal devices and holds it ‘ransom’ until you pay the fee requested by the ‘data kidnapper’. What made the WannaCry attack so different is that it was done on a global scale, spreading to 150 countries, impacting over 10,000 organisations and 200,000 individuals – exploiting a security flaw in Windows XP,” states Potgieter.
Furthermore, he says that perhaps the most startling component of the attack is that so many companies were simply crippled. Highlighting that there is a real flaw in IT security policies, there are few organisations with effective “crisis situation” policies in place and that companies who simply fall back on two-dimensional, anti-intrusion detection and prevention methods will continue to fall victim.
Simply put, according to Westcon-Comstor vendor partner AlienVault, WannaCry is a ransomware variant that takes advantage of an exploit in the Windows operating system (MS17-010) that was released by a hacking organisation called Shadow Brokers in March. The exploit and tools were allegedly part of a collection of spy tools used by the National Security Agency (NSA). While Microsoft patched the vulnerability pretty quickly after the release, many clients have not run the updates needed to deploy the latest patch. Once an infected computer is put into action the malware spreads like a worm on your network, sniffing out other vulnerable machines to infect.
Regular backups and snapshots can help you recover files hidden behind ransomware, particularly if you can identify when the infections occurred, so you only work with backup copies before the infection. While you won’t be able to recover your files since the last backup, without paying the ransom, you can get at older files that are critical to business operation and continuity.
“Ransomware hides your data, but that data can be restored if regular backups are done in a business. Backups shouldn’t just be a business imperative, but a security one too, as all data needs to be continually and regularly scanned and cleaned of hidden malware. Updates might be a pain and slow your machine, but there are critical in a business, you simply have to run all updates as often as you can. It is the job of the IT department to ensure this happens.
“This is a huge wake up call for security practitioners, software developers and businesses alike. One small vulnerability can cripple your business. It is not just IoT and digital platforms that are affected it is all platforms. If businesses weren’t aware that they need to take security seriously, then this attack should surely change their minds,” ends Potgieter.
Comments
Announcements
What's On
Subscribe to improve your user experience...
Option 1 (equivalent of R125 a month):
Receive a weekly copy of Creamer Media's Engineering News & Mining Weekly magazine
(print copy for those in South Africa and e-magazine for those outside of South Africa)
Receive daily email newsletters
Access to full search results
Access archive of magazine back copies
Access to Projects in Progress
Access to ONE Research Report of your choice in PDF format
Option 2 (equivalent of R375 a month):
All benefits from Option 1
PLUS
Access to Creamer Media's Research Channel Africa for ALL Research Reports, in PDF format, on various industrial and mining sectors
including Electricity; Water; Energy Transition; Hydrogen; Roads, Rail and Ports; Coal; Gold; Platinum; Battery Metals; etc.
Already a subscriber?
Forgotten your password?
Receive weekly copy of Creamer Media's Engineering News & Mining Weekly magazine (print copy for those in South Africa and e-magazine for those outside of South Africa)
➕
Recieve daily email newsletters
➕
Access to full search results
➕
Access archive of magazine back copies
➕
Access to Projects in Progress
➕
Access to ONE Research Report of your choice in PDF format
RESEARCH CHANNEL AFRICA
R4500 (equivalent of R375 a month)
SUBSCRIBEAll benefits from Option 1
➕
Access to Creamer Media's Research Channel Africa for ALL Research Reports on various industrial and mining sectors, in PDF format, including on:
Electricity
➕
Water
➕
Energy Transition
➕
Hydrogen
➕
Roads, Rail and Ports
➕
Coal
➕
Gold
➕
Platinum
➕
Battery Metals
➕
etc.
Receive all benefits from Option 1 or Option 2 delivered to numerous people at your company
➕
Multiple User names and Passwords for simultaneous log-ins
➕
Intranet integration access to all in your organisation