Starting on Friday, May 12, 2017, a massive ransomware attack infected more than 230,000 computers in 150 countries. The attack utilized the WannaCry virus, a ransomware computer worm that targets the Microsoft Windows operating system. The virus is designed to encrypt a system’s data, effectively locking out the system’s owner. The virus then demands a ransom payment in exchange for the release of the information. As of the 15th, the Bitcoin ransom accounts have received over $26,000 in payments, indicating that some people are choosing to pay the ransom.
Most ransomware infects computers by way of phishing emails, and this appears to be how WannaCry started. Once installed, it uses the EternalBlue exploit and DoublePulsar backdoor developed by the U.S. National Security Agency (NSA) to spread laterally through local networks and remote hosts, encrypting all data files it can see.
We don’t yet know the full details of the infection vectors, but we do know it targets a known vulnerability in older Microsoft remote file sharing services. With over a million devices running this service (SMB on port 445) exposed to the internet, it’s pretty obvious why this attack has spread so far and so fast. Ironically, a critical patch was issued by Microsoft on March 14, 2017, nearly two months before the attack, that removes the underlying vulnerability for supported systems, but many organizations had not yet applied it.
If you’re a ShareVault customer, rest assured: ShareVault's diligent focus on layered security measures ensures your data is fully secure and safe from malicious attack. We hope your systems and data elsewhere fared as well.
In the wake of the attack, ShareVault has revisited its security controls to ensure that this attack, and its likely next generations, are prevented. Since the May 12th wave of attacks, the malware has been upgraded at least once and will likely continue to evolve as organizations try to contain it.
Of all the articles and resources offering guidance on how to contain this latest threat, one stands out that I would like to share with you. Published by the FBI and distributed via their industry partner program, InfraGard, the article lists some useful guidelines on how to protect yourself from infection (below). It is likely your organization is already following many, if not all, of these recommendations. I encourage you to vigilantly keep the security of your data a top priority. Many of us have computing scenarios that complicate efforts to secure our data. I like the FBI’s set of recommendations because it focuses on issues closely related to the current threat and most of the measures can likely be applied where applicable without highly specialized or expensive measures.
As always, ShareVault is continually upgrading its infrastructure and security measures to ensure we stay ahead of the current threat and the next emerging threat, and to vigilantly protect the data you entrust to us.
RECOMMENDED STEPS FOR PREVENTION (from the FBI report)
On the Friday evening of the attack, a UK-based cybersecurity researcher inadvertently discovered a “kill switch” embedded in the code of the malicious software, which impeded its spread. However, the masterminds behind the attack have already altered the code to get the ball rolling again, emphasizing the need to remain vigilant.
Phillip Bandy is ShareVault’s chief information security officer (CISO) and is responsible for establishing security standards and controls, guiding the implementation of security technologies, and managing the establishment and implementation of security policies and procedures. He is an expert in computer incident response and has implemented computer security controls for NASA’s Mission Control.