Recent news of possibly the largest ransomware attack in history — WannaCry — has permeated the globe. WannaCry is an operating system exploit, one of many that were exposed by Wikileaks. While the original exploit has been patched, that doesn’t mean attackers aren’t trying again.
The traditional approach to mitigating ransomware attacks — user education, anti-malware, frequent backups, and keeping a supply of Bitcoin on hand — is no longer a viable option by itself. Organisations need to turn to a more robust, systems-level approach to keep data out of an attacker’s reach. It’s critical that organisations step up their game — today. And it is more important than ever that we all prepare for multiple versions of attack as well as net new attacks.
The WannaCry attack has already resurfaced and its target list is expanding. Immediately patch the vulnerability, if you haven’t already and follow these steps to ensure you organisation isn’t the next victim.
Patch and virtualize: Paying the ransom does not mean your files will be restored. Aside from the cost, payment only rewards criminal activity, and strengthens the incentive for more attacks across industries. If the bad actor does provide to keys to decrypt, restoration is often a manual process and can take weeks to recover, depending on the number of files impacted.
Run a system check to ensure all patches have been made and that employees are using the most up-to-date softwareWe strongly encourage companies to migrate to Windows 10 and virtualize applications and browsers through Citrix XenApp & XenDesktop, and AppDNA to keep sensitive data off the endpoint. By using Citrix XenApp to run a hosted browser, IT can introduce a layer between the corporate environment and the Internet to shield the trusted computer and its data from attack.
Educate your employees about this attack and their role in protecting the company and themselves. First and foremost, let employees know they shouldn’t open a file or click on a link under any circumstances unless they know whom it’s from. If they are concerned or need to confirm, tell them to pick up the phone or ask a manager.
Mobile devices are prime targets for ransomware and other malware. Containerization is key to preventing attacks on mobile devices by centralizing management, security and control for apps and data without interfering with personal content on a bring your own device (BYOD). Containerization also contains an attack to a single user.
Backup everything with a secure enterprise file sync-and-share service like Citrix ShareFile. Even if the ransom is paid, there’s no guarantee the files will be restored. The options are to restore data from a recent back up or live without the files. ShareFile keeps multiple versions of each file so that in the event a file is encrypted by ransomware, users can revert to the most recent, uncompromised version, eliminating the need for a hacker’s decryption key.
It is therefore clear that virtualization, enterprise mobility management and enterprise file synchronization help shield devices and organisations — computers, tablets, smartphones and other endpoints — against ransomware attacks and allow for quick recovery if an incident does occur. Many of the operating system hacks published by Wikileaks can be mitigated with these types of technologies.
By Brendan Mc Aravey, Country Manager at Citrix South Africa