Ransomware in the Machine
“Have not done your homework? Do not pass BEGIN, go straight to the crying room!”
The latest attack (12 May 2017) on your data, known as WannaCrypt, a.k.a. WannaCry, is the result of the WikiLeaks release of NSA hacking tools. This blog entry is not about the intricacies of the exploit or what you should do to control the damage: if you do not have staff on your team who averted this, you need to re-examine the skill level as well as the controls you have in place.
For those who have not patched against the exploit, I have seen an excellent image on the web for them. This sounds insincere; however, there was ample time to address many issues.
The Microsoft patch (MS17-010), which addresses one of the zero-day NSA leaked attack vectors, was released on the 14th of March, and the worldwide attack started on the 12th of May. (This is a 59-day window of opportunity to patch.)
The latest data on wcrypt is available at the following link; it will be outdated, but nearly 220,000 infections were noted. Many companies have been crippled or seriously affected, including the NHS (UK), Telefonica Spain, Renault and other motor vehicle production lines.
My comment to any company that was paralyzed is that it needs to look at the following actions to be performed:
- Do you have a procurement policy to ensure that your hardware and software are currently under a support contract?
- Do you have a security officer/analyst/CSO/CISO on staff to address the risks to your resources?
- Do you have a patch management and reporting mechanism in place?
If you do not… the board needs to be taken to task! If you do, your security officer (or related role) should be taken to task. There is no excuse. Someone should be fired!
Practice safe HEX!