Pavonis Blog Item

After Wanna Cry

What do we learn from Wanna Cry?
In May last year a number of high profile organisations had their computer hard drives locked from use when the WannaCry ransomware worm spread across the internet. Supposedly, if these organisations paid a fee in Bitcoin they could have had their files unencrypted and restored to use. The affected sites all had one thing in common: they were all running unpatched Microsoft Windows. WannaCry spread very quickly, but luckily an internet security researcher quickly identified a way to switch it off, giving the systems owners time to resort to backups and apply those all important updates. If you'd like to read a good review of this particular outbreak see: Josh Fruhlinger's article from CSO.

The lesson from this is simple: take regular backups and keep your software up to date.

There are other reminders from this outreak, too. Here's my housekeeping list learnt over the years:

Use strong passwords and two/multi-factor authentication
Never leave a default password in place but change it to something strong
Take backups at appropriate intervals and test the restore regularly
Encrypt your data
Close off any services you don't use, including microphones, cameras and software services
Delete user accounts that are no longer needed
Keep your software up to date
Don't run software from untrusted sources
Think and choose carefully when installing new things on your network
If you're an ISP implement BCP46 on your network and sign up to MANRS

Helpful guides exist in a number of good places. The Australian Signals Directorate has the Essential Eight for example.

From all reports WannaCry didn't actually make much money for the perpetrators compared with the money it cost. Although A$200,000 was the approximate amount according to the Guardian last year and that's an (in)decent amount in my books. Until the police closed in on the accounts...

Mind you, I don't believe the people who paid got the decryption keys either. So perhaps that's the other big lesson. Don't pay ransoms if you get a ransomware attack.