Security

Lessons from the WannaCry Ransomware Attack

When the virus was discovered, I sent an email to our clients letting them know that EXP’s chosen anti-virus solution, Web Root, effectively blocked WannaCry. And though the threat was quickly eliminated, I thought it would be helpful to revisit the issue and offer some prevention tips for future attacks.

The WannaCry malware was spread through email lures such as fake job offers and invoices using a .zip file that initiated the infection when downloaded. While EXP employs multiple security measures at its client sites, and Web Root worked as expected to subdue the threat, WannaCry also serves as a reminder: the first line of defense is you! Most organizations fall victim to these types of attacks through human error. Considering the high volume of emails most of us get each day, mistakes are understandable. They’re also largely preventable by exercising a few precautions.

Top Ways to Prevent Ransomware Attacks

The following prevention tips can help you spot and prevent ransomware and malware attacks.

  • Keep systems current on security updates
  • Work with EXP to make sure your approach to security is comprised of several layers
  • Use extreme care when opening email attachments, clicking on links, or browsing the internet.
  • Be suspicious of the true intent of every email you receive. Emails like WannaCry are designed to trick you, so be vigilant.
  • Back up your files and regularly scan them for viruses.
  • Make sure backups are not accessible over the network under common credentials so they are not encrypted by ransomware also
  • Create and use unique logins for all shared folders where possible
  • Deploy Software Restriction Policies on your domain, should you have one. These are very effective in preventing ransomware from executing. Talk to us for help on this.

Last of all, and just as important if not more than all of the above, spread the word! Educate yourself, your employees, and co-workers about safe computing practices. The network you save may be your own.

If you have questions about ransomware or want to discuss prevention strategies for security at your company, please contact me. I look forward to talking with you.