Another cyber-attack has swept over the world again today, starting in Ukraine and quickly moving across Europe and into the United States. The virus is like the WannaCry ransomware that infected more than 300,000 computers worldwide last month. It also displays links and characteristics indicating that it may again have been derived from the "EternalBlue" program, widely believed to have been stolen from the NSA. It encrypts all the files on your hard drive or silently overwrites them, and renders most computer systems useless once it has finished. Banks, medical facilities, credit lenders, ATMs, and point-of-sale computers are just a few of the early victims that were reporting the attack as of 12 PM EST. Heritage Valley Health System in Pennsylvania reported the attack early today (Tuesday) and, according to local media reports, was completely shut down. WPP, the largest advertising firm in the world, was infected; employees were told to shut down their computers, and the building and work "is at a standstill".
What Has Changed:
We now know that last month's ransomware had a weakness, which was discovered by a British security researcher. By registering the website that the malware was using and taking control of it, he effectively slowed down last month's attack. It was hailed as the "kill switch" for the WannaCry attack. The attack that has emerged today (June 27th) does not appear to have a "kill switch". Also, this attack seems to have started from email with infected PDF and Word file attachments. The WannaCry outbreak largely relied on the Microsoft implementation of the SMB (Server Message Block) protocol, for which a security patch was released in March 2017.
How to Protect Yourself:
First and foremost, ensure that you and your employees do not open any unsolicited or "suspicious" looking email, especially email that contains attachments. If you don't know who it's from, or you are unsure about any part of an email sent to you, contact your IT department or personnel without opening it so that they can review it. Do not open it, forward it, or click on any links or attachments contained in the email.
Make sure that your workstations and servers are completely patched and up to date with the latest security updates from Microsoft, and also from third-party vendors, for products like Adobe Flash. Microsoft released an update that effectively blocked the WannaCry virus in March 2017, but because companies are simply not keeping up with security patches (among other things), it went rampant. Keep your systems patched, and if you can't do it on your own, then you need to hire a firm that will ensure this happens.
Ensure that you have an industrial firewall with digital defense systems in place. CTS recommends SonicWALL firewalls. If you have a firewall in place that has Intrusion Prevention Systems, Gateway Anti-virus, and Gateway Anti-malware with effective screening rules, you will save yourself a lot of grief.
Have an effective anti-virus in place system-wide that is updated and running. Anti-virus alone will not protect you. Only 4 in 61 antivirus systems detected the attack on systems today, and by detected I mean it was too late. Anti-virus is meant to be part of your layered defense system, not an impervious shield against everything.
Use web filtering systems as part of your defense. A good web filter will stop users from unintentionally going to malware or malicious sites, and it can be used to block a host of other threats, including phishing websites that may also be spreading the latest outbreak.
If you have these layered systems in place, and you know that your workstations and servers are patched with the latest updates, you have a good chance of getting through this unscathed. If you have questions or concerns about the status of your network, please call us today. We will come onsite and do a free evaluation of your network and consultation with you.