raffa resources
raffa resources
raffa resources

News & Resources technology

​Don't WannaCry? Ransomware Survival Tips

​​By Nate Solloway, Raffa Systems Engineer/Outsourced IT Manager

The WannaCry Ransomware (WannaCry) attack is an ongoing worldwide cyberattack that targets Microsoft Windows operating systems. First emerging on Friday, May 12, 2017, WannaCry has been described as unprecedented in scale, infecting more than 230,000 computers in over 150 countries. This virus exploits vulnerabilities in the Microsoft Windows operating systems. The exposed data on these vulnerable computers are encrypted and therefore unusable. This worm exploits unpatched holes on the PC and rapidly spreads to other computers on the same network. Encrypting files on every computer it touches, this virus removes access to an organization’s vital data. The hackers demand ransom payments in exchange for restoring the data.

Multiple layers of protection are needed to protect networks from exploits like WannaCry and their related attacks. Even small organizations should have these protections in place:

  • Security Patches: Microsoft released Windows Updates in March that would protect systems from the security holes exploited by WannaCry. Networks that were slow to deploy these patches were vulnerable. Workstations and Laptops should be updated on a weekly basis to ward off new threats. Servers should have a monthly planned patching schedule, at a minimum.  Raffa clients are monitored and critical patches are deployed from our managed services console. Even in small organizations IT should be able to monitor staff computers and ensure everyone is patched against security threats.
  • Offsite Backups: If Ransomware does manage to encrypt an organization's files, an offsite backup can help executives rest easy. Ransomware is only a threat if an organization cannot get their data back. Windows file servers should have ample free space and use Volume Shadow Copies to snapshot files twice a day.   Backups should be made nightly, at a minimum, and automatically be carried offsite. Some ransomware will wipe out shadow copies and seek out onsite backups to encrypt those as well. Offsite backups are more affordable than ever and will provide peace of mind in case of an attack.
  • Access Control: When ransomware, other than WannaCry, executes it will often run with the security permissions of the staff member who executed the file. Organizations often err on the side of giving all employees more access than they need. Shared files should be reviewed periodically. The number of folders allowing changes by all staff should be minimized whenever possible. Organizing security by departmental groups or job functions limits the damage many malware variants can do. 

Over the past weekend, new variants of this exploit have emerged, and other copycats are expected soon. Now is a good time to ask your IT Manager about the security of your network. Is your network protected? Are all the computers on your network up to date?  If you do not have an IT Manager, a professional assessment of your network may be helpful. An assessment would provide you with a current status of the health and deficiencies of your network. You can learn more about it assessments at our upcoming free seminar on june 27th as part of our raffa learning community. register now!

clients of raffa’s managed it services are monitored for security issues and critical security patches are deployed by raffa’s tools on a continuous basis. 

for more information, please contact evette collins at ecollins@raffa.com or 202-955-6708.