Recently, an unknown group equipped with a leaked CIA hacking tool launched one of the largest cyber attacks in history – here’s what we’re doing to ensure your security.
Several weeks ago, security experts across the world were left aghast at one of the largest ransomware attacks in history. A nasty piece of software called WannaCrypt (better known as WannaCry) surged across global networks, crippling 200,000 organizations in 150 countries.
“This attack was unique in that the ransomware was used in combination with a ‘worm functionality’ to spread the infection automatically,” said Europol Director Rob Wainwright on Peston on Sunday. “The global reach is unprecedented.”
And it’s not just small businesses, either. Banks, government agencies, and even the British Healthcare Industry have all fallen victim to it. Here’s the problem, though – a lot of media outlets are focusing on the WannaCry worm, rather than the real threat.
WannaCry itself was not the issue. As ransomware goes, it’s fairly run of the mill (it can’t encrypt administrative shares, for example). No, what’s frightening is how it was delivered – EternalBlue, a leaked NSA cyberweapon.
EternalBlue exploits a vulnerability in the Server Message Block (SMB) protocol to gain access to a system. Once it has done so, it installs a backdoor tool known as DoublePulsar, which then grants entry to the WannaCry worm. From there, you can probably guess how things proceed.
It gets worse. The agency responsible for leaking the weapon, The Shadow Brokers, has threatened to leak another set of hacking tools with similar capabilities. In other words, WannaCry is just the start.
There will be others.
More than anything else, this situation highlights the importance of continued diligence and why it’s essential that we follow security standards in all aspects of our work. At Liquid Web, we’ve done just that. Our security signatures have been updated to defend against the malware, so our office network is fully protected. Beyond this, our security team is constantly researching and updating to protect against new threats.
Additionally, we restrict the remote access to our core infrastructure that would allow it to be impacted by ransomware. The Windows team has also verified our WSUS servers and patched all supported operating systems on our networks. We’ve also pushed that patch to customers who use our update policy and have automatic updates enabled.
We have confirmed that our managed antivirus solution has definitions specifically for WannaCry, and we have posted a notice to all Windows customers on an at-risk OS informing them of the ransomware. The notice also highlights that as long as they’re using our default policy on updated servers, we’ve got their back. Customers on an EOL operating system can contact us immediately to install a manual patch.
Attacks like WannaCry are only going to grow more common as time goes on. You need to do everything you can to protect yourself from them, including choosing a host that takes your security seriously. Liquid Web is (and will continue to be) that host – we’ve got your back, no matter what kind of threat your business faces.
Contact us today and we can discuss what we’re doing to protect our customers against existing and future security threats.