Ransomware has been a major threat to organisations for several years, and while its effects were felt globally in 2016 and 2017, in 2018 so far it has been reasonably easy to forget about the threat it poses. However, as a constant reminder, the ransomware strain WannaCry has reared its head, with global aircraft manufacturer Boeing getting stung.
The original WannaCry attacks date back to May 2017, at which point Microsoft had already released patches to deal with the vulnerability, so it may be a shock to some that the strain is still infecting networks, especially those belonging to multi-national organisations whose IT networks should be highly secure.
On March 28th the Seattle Times first broke the story that parts of Boeing had become infected by the ransomware strain. Boeing responded by isolating the infected machines and issuing an “all hands on deck” response for fear of the infection spreading to “airplane software”. Mike VanderWel, chief engineer at Boeing, communicated that a call with “just about every VP in Boeing” had taken place, emphasising just how important an issue the company considered this to be. Several hours later Linda Mills, head of communications for Boeing, stated:
“We’ve done a final assessment… The vulnerability was limited to a few machines. We deployed software patches. There was no interruption to the 777-jet program or any of our programs.”
The return of WannaCry
WannaCry infected in the region of 300,000 organisations in May 2017, in just 3 days. The speed of the attack and the range of organisations hit meant that it made headlines across the globe and brought ransomware to the attention of many. The continued use of the strain could be down to its effectiveness and the ease with which it can be deployed, email being the easiest way. Boeing becoming infected means that at some stage best-practice network management has not taken place – machines had been left unpatched for over a year.
In addition to monitoring machines and utilising antivirus protection, it is vital that organisations regularly update and patch machines. This ensures that the latest vulnerabilities discovered by manufacturers and software vendors are fixed, so that cyber-criminals cannot exploit them.
German .gov comes under attack
Cyber-attacks have claimed high-profile victims in the past, including Uber, Yahoo and the NHS (UK). In early 2018, the German government came under attack, admitting that the computer network for the foreign ministry had been breached. The source of the attack is unknown, but analysis has shown that it could be linked to the hacking group APT28, sometimes known as Fancy Bear and associated with Russian activity.
The attack, which appeared to be ‘technically sophisticated and planned in advance’, may have taken place over the course of a year, with signs of an intrusion being picked up in September. It is thought that a strain of malware had given access to some systems, but while no data had been actively stolen, the attack is said to be ‘ongoing’.
A threat to all data
Ransomware strains typically encrypt data on a file server or network, rendering it inaccessible until a ransom has been paid. This leaves users with two choices: pay the ransom, hoping that the perpetrators adhere to their word; or restore systems from a previous backup. However, as ransomware strains evolve to become more effective, restoring data from a backup can be at risk too. Many variants of ransomware are designed to attack specific file types. Some strains perform volume-level encryption or attack all files, regardless of type. Therefore, any backup that’s directly accessible through a computer’s file system is vulnerable to ransomware. Ideally, a backup application should be able to pull data from a protected host without that host requiring a direct mapping to the backup.
Securely backing data up off-site or at least off a primary network adds a layer of resiliency that on-site backups don’t, ensuring backup sets are available on-demand.
Public cloud offerings can also be put at risk by ransomware and malware strains, with corrupted data or malicious files being accidentally stored on or accessed through those platforms.
Staying protected against the threats of ransomware
Protecting against ransomware and other cyber-threats should be a priority for organisations. The threats themselves can cause downtime and disruption, but the associated reputational damage can be felt further, with customers, employees or investors losing faith in the organisation. Although certain backups can be infected by ransomware strains, it is vital to ensure your organisation has a secure off-site copy of data that cannot become infected and that is guaranteed for on-demand recovery when it is most needed. To find out more about ransomware, cloud backup or how Redstor can help you stay protected, get in touch now.