We know cyberattacks have gotten worse recently, and the WannaCry Ransomware attack is the biggest one yet. Sadly, few people are equipped to deal with hacks and even phishing attempts: Just a few days earlier, we covered a report noting that 75 percent of CEOs rely on applications and programs that are not approved by their IT department. We need to do better.
Eric Klonowski, Senior Advanced Threat Research Analyst at Webroot, has offered a few words of wisdom on what's unique to this case, what people can do to protect themselves, and what's in the future of hacking disasters.
How the WannaCry Ransomware Event Happened
Technically, how does Webroot detect and prevent infection by WannaCry or other Trojans?
“We have proprietary detection systems in place. In the case of WannaCry, our Webroot SecureAnywhere (WSA) detected and blocked it just like any other malware that we see. What was unique about this malware was its distribution method.”
Does this mean that no customer running Webroot has been, or indeed will be, affected by WannaCry?
“It takes time to learn about every threat and learn how to protect against it. This being said, our call volume has not been impacted at all by this threat. However, if someone has an unpatched system, there is potential for infection due to the vulnerability within the OS mentioned. We also have other tools to assist in auto-remediating malware.”
Do you have evidence that the initial infection vector was email?
“While our threat teams are still actively researching the threat, we know it is propagating by probing and exploiting vulnerable systems.”
What Can Be Done to Avoid Ransomware?
Webroot offered four tips for those hoping to prepare for ransomware attacks in the near future.
- Back up your data. Unfortunately, ransomware can attack cloud storage services and network drives. Create a physical backup on a DVD or portable drive, and keep it in a secure location that is not connected to your computer.
- Make sure you are practicing good cyber hygiene. Hover before you click to make sure you know the end destination of links, change your passwords regularly and keep your operating systems up-to-date. Don’t open emails from unknown senders.
- Use antivirus software. Make sure ransomware doesn’t get on your computer by using software that can block malicious phishing sites. But, beware of free security: you get what you pay for.
- Patch and update your device. Regularly check for firmware updates for your device. This is how companies push out fixes for any known vulnerabilities.
More Is Likely to Come… But Not as Bad
Here's what Klonowski had to say on whether the threat from similar hacks might get worse in the near future:
“Malware authors tend to follow the leader. Being that WannaCry’s infection rates were so high, I am fairly positive we will see copycat malware also using CVE-2017-0144 as a means of spreading in the near term. However, after being infected, most people tend to apply the necessary updates, in this case patching old systems, so I suspect malware using this vector will not be quite as successful. In addition, exploits as serious as this are of high value and fairly rare, so we really only see worms as prolific as this once every few years.”
Hopefully Webroot and any other endpoint security or threat intelligence services will continue keeping up with each cyberattack as it happens. As long as we keep our security systems on par with the threats to them, we'll be able to squash each new exploit attempt as it occurs.