Cisco Blogs

WannaCry Type Ransomware a Growing Threat: 5 Easy Steps to Protect Your Agency

May 16, 2017

It all started harmlessly enough. A pleasant-sounding ping on her phone and a quick check of her email. But it then quickly descended into a weekend of worry. For people in both the public and private sector, cyber attack has become a potentially life-altering and seemingly unstoppable threat that is beginning to define our everyday lives, even on the weekend . . .

Friday: I received an urgent call from my wife around lunchtime. She had been out running errands when she suddenly began getting alerts of a cyber attack at her business. The attacks were happening in rapid succession, very systematic in nature. And with multiple accounts, each connected to another, just one successful breach could have massive cascading effects. Whether it was the just-launched WannaCry ransomware or the recent OAuth exploitation cyber threat, we weren’t sure. But we turned our attention to WannaCry first and soon found that this variant of ransomware is a type of malware that exploits backdoors in operating systems with no user interaction needed to spread. It is also the first ransomware worm seen in the wild and works by:

  • Encrypting 176 different file types, adding .WCRY as an extension.
  • Displaying a pop-up message stating, “Oops, your files have been encrypted!”
  • Demanding a $300 Bitcoin ransom that doubles after three days.
  • Deleting the user’s files if the ransom is not paid in 7 days.

Unfortunately, we also learned that:

  • Decrypting ransomed files was not possible.
  • Paying ransom did not guarantee files would be decrypted or left unharmed by a hidden future threat.
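
Because affected files gain a .WCRY extension and cannot be decrypted, the practical follow-up is scoping what has to come back from backup. The Python sketch below is an added example, not part of the original post or any Cisco tooling; the function names, and the rule that a file needs restoring when its original name is no longer present beside the .WCRY copy, are assumptions.

```python
import os
from collections import defaultdict

MARKER_EXT = ".wcry"  # extension named in the post, matched case-insensitively


def find_wcry_files(root):
    """Return {directory: [(marked_name, original_name, original_still_present)]}."""
    hits = defaultdict(list)
    # os.walk skips unreadable directories by default instead of raising
    for dirpath, _dirnames, filenames in os.walk(root):
        present = set(filenames)
        for name in filenames:
            if not name.lower().endswith(MARKER_EXT):
                continue
            original = name[: -len(MARKER_EXT)]  # "report.docx.WCRY" -> "report.docx"
            if original:  # ignore a file literally named ".WCRY"
                hits[dirpath].append((name, original, original in present))
    return dict(hits)


def restore_plan(root):
    """List originals that are gone and the earliest .WCRY timestamp seen.

    The earliest timestamp bounds when marking began, so a backup taken
    before it is the candidate to restore from (assumption of this example).
    """
    to_restore, earliest = [], None
    for dirpath, entries in find_wcry_files(root).items():
        for marked, original, still_present in entries:
            try:
                mtime = os.stat(os.path.join(dirpath, marked)).st_mtime
            except OSError:
                continue  # file vanished between the walk and the stat
            earliest = mtime if earliest is None else min(earliest, mtime)
            if not still_present:
                to_restore.append(os.path.join(dirpath, original))
    return {"restore": sorted(to_restore), "earliest_marker_mtime": earliest}


if __name__ == "__main__":
    import sys
    plan = restore_plan(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{len(plan['restore'])} file(s) to restore from backup")
    for path in plan["restore"]:
        print("  ", path)
```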

Saturday: As the pings on her phone increased, so did her stress level. So we implemented these 5 easy steps to protect against future cyber threats and help lower any future stress levels. These are also good practice for state and local government and could prove a literal life-saver for citizens the next time cyber threats strike:

  1. Keep security software and operating systems updated automatically to patch backdoors that ransomware exploits.
  2. Never open emails or click attachments from unknown sources. This is the leading method of ransomware delivery.
  3. Never enable macros if asked when opening emails, unless you know the source.
  4. Back up individual device and network data every day so that you don’t have to pay ransom or suffer bad publicity.
  5. Use cloud services for archiving.

Sunday: We visited the Cisco Talos website for the latest updates. Talos is a group of industry-leading cybersecurity experts who battle cyberattacks as they unfold. They help Cisco customers, including state and local governments, protect their networks from damage. For Public Safety agencies, the threat from ransomware is rapidly increasing. Law Enforcement agencies are now being hit by ransomware attacks on a regular basis (article here) with some being forced to pay ransoms. EMS and Fire are also targets. Just imagine the damage if an Emergency Operations Center’s communications network was breached. Precious moments could be lost, leading to insufficient response times in life-or-death situations. Even public utilities are prone to attack, such as the recent successful intrusion into Lansing, Michigan’s power and water utility (article here).

As the pings continued, my wife became better educated and empowered against cyber threats. Luckily, the Cisco Talos team shares what they learn about emerging threats at their Talos Blog site. We also stumbled across this free online book, A Guide to Ransomware Defense. So to de-stress a bit, we downloaded it and headed over to Starbucks to enjoy some refreshing Frappuccinos during Happy Hour. While there we also found a great article on how local governments mitigated ransomware attacks.

By Sunday night, as the global political finger-pointing began, things began to quiet down for my wife. The night was a quiet one with only a handful of alerts. We were even able to relax out back in the new log-cabin style chairs I had assembled just before our “Wannacry Weekend” had begun. It was there by our pond that the pings of the alerts finally ended, supplanted by the subtle calls of the ducks and big blue heron. As the weekend came to a close, I retired for the night. But my wife, a little more educated and a lot less stressed (thanks to the Cisco Talos team and the various cybersecurity resources found above) lingered on by our pond, bringing her weekend quietly to a close.
