Protecting Your Small Business From WannaCry

May 12, 2017 saw the world’s first ever worm-based ransomware attack, WannaCry. Typically, ransomware spreads via email as spam and phishing attacks and relies on human intervention to initiate the infection. WannaCry is different: it combines ransomware with a recently published vulnerability that was stolen from the NSA by The Shadow Brokers crime organization, which means that WannaCry is able to infect and spread without any human intervention. In a matter of hours, WannaCry spread to Internet-connected computers in more than 150 countries, infecting tens of thousands of computers that were unpatched and exposed to the Internet.

As a small business owner, you may think you have nothing to worry about, since all the media coverage has highlighted large companies like FedEx, Telefonica and the National Health Service (NHS). Unfortunately, this threat, like many others, doesn’t discriminate based on company size, and if you are connected to the Internet you need to worry just as much as every other organization out there.

So what can you do to protect yourself? Before I dive in to that, here are a few key things to remember:

  • WannaCry only infects Windows devices; it cannot infect Mac, iOS, or Android devices.
  • WannaCry only works on versions of Windows prior to Windows 10 and Windows Server 2012 (which means Windows XP, Vista, 7, 8, 8.1, 2003, and 2008 are vulnerable).
  • Microsoft has already released patches for vulnerable versions, including Windows XP and Windows 2003, which they stopped patching in 2014.
  • WannaCry currently spreads only via the network, not through email. This could change in the future, and we expect it to as the threat continues to evolve.

Protecting Yourself and Your Business

There are a number of things you should be doing to protect your business against WannaCry and many other threats. If you don’t have the skills in-house, there are many Value Added Resellers (VARs) and Managed Service Providers (MSPs) available in your area that have the expertise to assist.

Firewall

Every network connected to the Internet should have a firewall in place. This is a first line of defense that separates your organization from the wild west that is the Internet. Fortunately, firewalls are inexpensive, effective and widely available. It’s likely that the cable/DSL modem you received from your Internet service provider (ISP) already has built-in firewall functionality.

What should you check?

  1. Make sure you have a firewall installed.
  2. Make sure you are blocking inbound connections on ports 139 and 445, as that’s how WannaCry spreads and enters your network.
  3. Make sure you are blocking all inbound ports that aren’t absolutely necessary. You may have to allow certain ports if you host your own email server, or some other type of server or application in your environment that needs to be accessible from outside the office.
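As an added example (not part of the original article), the Python script below checks item 2 from the outside: run it from a machine that is not on your office network, against your own public IP address, to see whether ports 139 and 445 answer. The script name `check_smb.py`, the function names and the `open`/`closed`/`filtered` labels are this example's own.

```python
import socket
import sys

SMB_PORTS = (139, 445)  # the two inbound ports named in item 2 above

def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: reachable from here
    except socket.gaierror:
        raise                    # bad hostname: a typo, not a firewall result
    except ConnectionRefusedError:
        return "closed"          # actively refused: nothing is listening
    except OSError:
        return "filtered"        # timeout or unreachable: dropped on the way

def check_exposure(host, ports=SMB_PORTS, timeout=3.0):
    """Return (per-port states, sorted list of ports that answered)."""
    results = {port: probe(host, port, timeout) for port in ports}
    exposed = sorted(p for p, state in results.items() if state == "open")
    return results, exposed

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_smb.py <your-public-ip>")
    results, exposed = check_exposure(sys.argv[1])
    for port, state in results.items():
        print(f"tcp/{port}: {state}")
    if exposed:
        print("Reachable from outside, block inbound on:", exposed)
    sys.exit(1 if exposed else 0)
```

Both `closed` and `filtered` mean the port did not accept the connection; only `open` calls for a firewall change.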

Endpoint Protection

Every device on your network should have some type of protection in place, ideally a centrally managed solution purpose-built for small businesses. That way you can ensure that all your devices are protected in a consistent manner.

What should you check?

  1. Make sure you have an endpoint security product installed on every Windows, Mac, iOS, and Android device that connects to your network.
  2. Make sure your endpoint security product is not expired and has all the latest updates.
  3. Check with your endpoint security vendor and make sure you are following all the best practice configurations to maximize protection. If you are a Trend Micro Worry-Free customer, best practice configurations are available here.

Patching

All software needs updating from time to time, either to fix bugs that went unnoticed when the software was initially released or to add enhancements to the product. It’s critical that you keep all your systems up to date with the latest patches, as these patches often include security updates.

What should you check?

  1. Make sure all of your devices are up to date with the latest patches.
  2. Make sure you have automatic patching enabled. This can be done in a number of ways, including centrally through Active Directory Group Policy, individually on each computer, or with a third-party patching tool. Information on how to set up automatic updates on Windows XP, Vista, 7, 8 and 8.1 can be found here.
  3. If you have Windows XP, Windows 8 or Windows 2003 machines, make sure you have the patches to protect against the vulnerability that enables WannaCry installed. Those patches are available from Microsoft.

Backups

As a general rule, you should always be backing up your data. You never know when a system will crash, a building will burn down, or a disgruntled employee will intentionally destroy data to harm you and your business. In addition to all of those concerns, you now have to worry about ransomware finding and encrypting all your data, rendering it inaccessible. Fortunately, a good backup plan (a 3-2-1 strategy is the generally accepted best practice) can help prevent or mitigate many of these potential risks.

What should you check?

  1. Make sure you have a backup solution in place. There are many solutions available on the market for backing up physical and virtual machines, so you have no excuse not to have a backup solution in place.
  2. Make sure your backups are actually working. Backups often stop working due to lack of space (the disk or tape has run out of space), program errors, or misconfigurations. Double-check that everything is working properly and your backups are current.
  3. Make sure you test restore one of your backups to make sure the data isn’t corrupt. There’s nothing worse than suffering an incident that requires a restore from backup, only to find out your backup tapes/disks are empty or corrupt. You should occasionally spot check your backups and make sure they are working properly and can be restored when needed.
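As an added example (not part of the original article), here is one way to script items 2 and 3 in Python: confirm that the newest file in the backup location is recent, and compare a test restore against the original data file by file using SHA-256. The function names and the 24-hour default are assumptions of this example.

```python
import hashlib
import os
import time

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large backups do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def tree_hashes(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            hashes[os.path.relpath(full, root)] = sha256_file(full)
    return hashes

def verify_restore(source_dir, restored_dir):
    """Item 3: report files the test restore lost or returned with other bytes."""
    src, dst = tree_hashes(source_dir), tree_hashes(restored_dir)
    return {
        # present in the original data but absent from the restore
        "missing": sorted(set(src) - set(dst)),
        # restored with different content: corrupt or empty in the backup,
        # or edited since the backup ran (check those by hand)
        "mismatched": sorted(p for p in src.keys() & dst.keys()
                             if src[p] != dst[p]),
    }

def backup_is_current(backup_dir, max_age_hours=24, now=None):
    """Item 2: True if the newest backup file is younger than max_age_hours."""
    now = time.time() if now is None else now
    mtimes = [os.path.getmtime(os.path.join(dirpath, name))
              for dirpath, _dirs, files in os.walk(backup_dir)
              for name in files]
    # an empty backup location is never "current"
    return bool(mtimes) and (now - max(mtimes)) <= max_age_hours * 3600
```

Run `verify_restore` against a folder that has not changed since the backup was taken, so that every entry under `mismatched` points at the backup rather than at normal edits.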

For more detailed information on WannaCry, or how you can protect yourself with Trend Micro solutions, please visit our information page for the latest updates.
