Over the past few weeks, businesses small and large have been forced to deal with the most recent ransomware attack, aptly named WannaCry. Like other ransomware, a business's computers, networks, data, and servers, all get locked down by a hacker that demands payment in untraceable bitcoins to unlock the systems.
However, unlike other ransomware attacks, the WannaCry attack is so simple to avoid that victims would likely want to cry after learning how easy it would've been to prevent, hence the name. The ransomware attack relies on an exploit (a vulnerability in the code) that existed in Microsoft XP. However, before the attacks even started, Microsoft issued a patch to close the exploit (fix the code). Basically, if a user updated their Microsoft XP machine after March of this year, they are safe from the attack. However, computers that were not updated are vulnerable.
Update or Pay the Price?
If you still have not updated your Microsoft XP computer this year, doing so is likely a good idea in order to close the exploit being used by the WannaCry attack. Often, businesses will avoid updating computer systems due to the fear that updating will cause problems for other systems or software programs. In these scenarios, businesses need to evaluate the risks and conduct a cost benefit analysis to not updating.
Where a business has custom software, or relies on legacy systems, performing a big system update could result in failures to the custom or legacy systems. These failures can be incredibly costly, not just to replace, but even to fix or simply diagnose. However, businesses need to weigh the risk of losing legacy systems against the risks of a cyberattack. The WannaCry attack is making some cyber-security experts rethink the way businesses need to look at cyber-safety.
How to Avoid Ransomware Attacks
When it comes to ransomware attacks, some businesses may not be able to avoid being targeted. However, like most crime, ransomware attacks are frequently crimes of opportunity. If a hacker can easily target a business that failed to update their Windows XP system, they are more likely to do so than go after a business with up-to-date software security. Ensuring your business stays up-to-date with software updates can be critical when it comes to avoiding becoming a hacker's next target.
In addition to diligently updating your systems, backing up your systems as often as possible is also highly recommended. If a business that has a fresh backup gets targeted by a ransomware attack, the business may be able to just reset their entire system and reload it from the backup. However, businesses should be savvy, and hire experts, when it comes to setting up their backup system as ransomware attacks can often find backup drives that exist on a network.
Lastly, if there is no need for data to be on a network, or accessible via the internet, then taking the data offline and off network may be able to prevent it from ever being targeted.