The most common objection I will get when presenting managed IT service options to a prospective customer is their belief that what we're offering is either "too expensive" or that they don't really need it - "we've never had a problem before!"
Over the weekend, ransomware known as WannaCrypt or WannaCry swept across the globe, infecting over 200,000 individuals in over 150 countries, taking down hospitals and medical centres part of the UK's NHS and causing damage and pain globally.
One 22 year old security researcher managed to accidentally stop the spread some time during our Saturday.
NONE of our clients were hit with WannaCrypt.
Firstly, we take proactive steps to ensure their systems are up to date; that old and outdated software is upgraded or replaced; and that best practice security recommendations are implemented.
Secondly, we insist they install a proper Unified Threat Management Firewall which ensures that all remote access must be made via a secure SSLVPN connection, thus limiting the chance that any malware on the internet can infect their systems.
Thirdly, we implement a defense-in-depth approach to protection of their servers and computers, using industry leading solutions which protect their computers from common viruses as well as ransomware/crypto-malware.
This involves limiting access to trusted websites. We monitor internet access for command and control traffic (malware phoning home). We limit user access on the desktop. We white-list software applications and flag unknown applications. We limit the use of USB devices and storage devices. We segment off their wireless network from their hard wired network. And then we monitor the crap out of the whole lot.
A lot of work goes into this. I personally spent several hours on Saturday double and triple checking that all these things were exactly as they should be when I was alerted to this new threat - JUST INCASE!
And, the result, not one of our clients was affected.
You may not have been affected either. But what would your customers say if you HAD been affected? Will they call you stupid, or just ignorant? What will the cost be to your business when something does happen - and it's only a matter of time!
This outbreak wasn't anything super intelligent. Someone used work produced by the NSA (American spy agency) that was leaked onto the internet and bolted two ideas together, along with an encryption algorithm (they most likely stole from somewhere else) and set it out into the wild. No one would ever win an award for this - but it affected over 200,000 machines worldwide!
Although hundreds of security researchers and journalists have covered the basics, here's what you need to do to avoid WannaCrypt or any future variants that abuse the DOUBLEPULSAR and ETERNALBLUE exploits written by the NSA.
- Ensure Microsoft Updates are ON and UP TO DATE
- Windows 10 was updated in March to fix this issue (MS17-010)
- Patches for Windows 7, Windows 8.1, Windows Server 2008 R2 and Windows Server 2012 R2 were also fixed by MS17-010
- If you're STILL using Windows XP, Windows 8 or Windows Server 2003, Microsoft has released a special patch (that's how serious this is!!)
- Disable Samba v1 from your computers
- Ensure that Samba (Windows File Shares) and Remote Desktop Protocol (RDP) are not accessible from the public internet
- Ensure your Servers and Computers have up to date anti virus which is designed to stop malware and ransomware
- Ensure you have working backups.....
If you've got a spare few hours every day to keep up to date with this stuff, to ensure your business isn't cut off at the knees likes this Gold Coast Dentist was, then that's awesome.
If you don't have the time to keep up to date on this stuff, because you're busy doing whatever it is that your business does, to service your customers, and generate an income - PLEASE CALL ME. I'd love to discuss how we can protect you. (07) 5606-6102.