Now that the dust has settled on the recent major ransomware attack known as ‘WannaCry’, which severely impacted several hundreds of thousands (if not millions) of organisations and home users worldwide, perhaps now is the time to review what lessons can be learnt by PC and network users, particularly smaller businesses who do not want to be held hostage until they pay a ransom.
The most widely publicised infection of this malware outbreak in the UK was the infection of over 50 NHS Trusts in England and Scotland, but seemingly not all Trusts were impacted and apparently none in Northern Ireland. So why did it impact some authorities and not others? In simple terms, the answer seems to be that some Trusts spent literally nothing on cyber security in recent years, and others had very few IT personnel, often looking after hundreds or thousands of PCs and intelligent devices connected to their networks. There were previous warning signs: a similar but smaller (in impact) attack occurred in 2016. So in general terms, despite the dangers and warnings, it could easily be argued that in many cases no reasonable or sensible countermeasures were employed by NHS management. But can the same accusations be levelled at managers, directors or partners in smaller businesses and organisations? Very possibly!
In simple terms, what is WannaCry? It belongs to a category of malware known as ‘ransomware’: once it has infected a PC it hides all the data on that device (by encrypting it) and then demands payment of a ransom to decrypt the data. Until payment is made the PC is unusable. The PC user has two choices: either pay the ransom, or completely reinitialise the PC and reload data from a hopefully recent backup. The former option of paying the ransom provides no guarantee that your PC will indeed be returned to normal operation. For many, especially in the legal profession, paying ransoms to criminals is probably not an option. The latter option underlines the vital need for up-to-date backups.
From a security perspective, what loopholes did WannaCry exploit? Firstly, it is apparent that it could penetrate some firewalls and not others. In essence, routes through the firewall had been left open by the impacted organisations. These routes through a firewall are made via what are called ‘ports’. Ports are bi-directional. Ports allowing traffic through from the public internet into the organisation should always be shut unless it is absolutely necessary that they be open, e.g. to allow browsing or for email to be received by the organisation. WannaCry (and other malware) exploits the more obscure open ports, i.e. holes in the firewall.
The reality for smaller businesses is that they typically acquire a router device with some firewall features from their Internet Service Provider at the time they sign up for broadband internet access. These devices are often provided at very low cost, or even for free, by the ISP. Most small businesses have no conception of exactly what security these devices offer, would be completely unaware of what ‘ports’ actually are, and certainly have no idea how to determine whether they are secure in any respect. The lesson here is that firewalls should be configured, constantly updated and maintained by suitably knowledgeable network security personnel, whether you are a small business or the NHS. If your organisation does not have the time or knowledge, outsourcing this task and/or deploying devices that automatically offer multiple layers of security are an alternative.
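As an added illustration of the point above (this is not code from the original article or from NetPilot), the script below audits an inbound firewall rule set for the two problems described: a default-allow inbound policy and ACCEPT rules for ports that nobody has approved. The rule set is a constructed sample in Linux iptables-save format, and the approved inbound ports (25 for receiving email, 443 for the organisation's own web service) are an assumption for the example.

```python
import re
from typing import Dict, List, Set

# Constructed sample in iptables-save format (not taken from the article).
# The INPUT chain defaults to ACCEPT and two remote-access style ports are
# open inbound: exactly the "holes in the firewall" the article warns about.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3389 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5900 -j ACCEPT
COMMIT
"""

POLICY_RE = re.compile(r"^:(?P<chain>\S+) (?P<policy>\S+)")
RULE_RE = re.compile(r"^-A (?P<chain>\S+)(?P<body>.*)-j (?P<target>\S+)$")
DPORT_RE = re.compile(r"--dport (\d+)")


def audit_inbound(rules_text: str, approved_ports: Set[int]) -> Dict[str, List[str]]:
    """Return findings for the INPUT chain: bad default policy, unapproved ACCEPTs."""
    findings: Dict[str, List[str]] = {"policy": [], "unapproved": []}
    for raw in rules_text.splitlines():
        line = raw.strip()
        pol = POLICY_RE.match(line)
        if pol and pol.group("chain") == "INPUT" and pol.group("policy") != "DROP":
            findings["policy"].append(
                f"INPUT default policy is {pol.group('policy')}; should be DROP")
            continue
        rule = RULE_RE.match(line)
        if not rule or rule.group("chain") != "INPUT" or rule.group("target") != "ACCEPT":
            continue
        body = rule.group("body")
        ports = DPORT_RE.findall(body)
        if not ports:
            # Allowing replies to connections the organisation opened itself
            # (browsing, outbound email) is expected; any other blanket ACCEPT is not.
            if "ESTABLISHED" not in body:
                findings["unapproved"].append(f"blanket inbound ACCEPT: {line}")
            continue
        for port in ports:
            if int(port) not in approved_ports:
                findings["unapproved"].append(f"port {port} open inbound but not approved: {line}")
    return findings


if __name__ == "__main__":
    for category, items in audit_inbound(SAMPLE_RULES, {25, 443}).items():
        for item in items:
            print(f"[{category}] {item}")
```

Run against a real `iptables-save` dump, the same function gives a small business a concrete list of what an ISP router or server is letting in from the public internet.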
NetPilot’s SoHoBlue products offer an array of security features, including a much more comprehensive firewall than ISP router devices. SoHoBlue units, by default, have the absolute minimum number of open ports in either direction and undertake stringent checking and validation of all traffic passing through their firewall. They are designed for small and medium-sized businesses and are ideally located between the ISP-provided router and the organisation’s network, thus providing a strong additional layer of not only firewall capability but a whole range of Universal Threat Management (UTM) security features.
The second weakness WannaCry exploited was a set of flaws in Microsoft Windows. These flaws had been identified, and update patches issued by Microsoft, some time before the WannaCry epidemic hit. The lesson here is again to keep software constantly updated. Configuring PCs to keep themselves automatically updated with new operating system software, together with anti-virus and PC firewall software, is not difficult, but it is perhaps best left to an IT specialist to configure initially and check on an ongoing basis. WannaCry proved that huge numbers of PC installations were not kept up to date, and the impacted organisations paid a high price one way or another.