IT AUDIT & SECURITY
Don’t Be Held To Ransom

Nick DeLena
Manager, CISA, CRISC, MBA

22 June 2017

Many of you might remember the Lesley Gore song “It’s
My Party” from 1963, with the famous lyrics: “It’s my party and I’ll cry if I want to.” The song recounts the story of a girl who should be happily enjoying her party, but is
ultimately betrayed by someone she trusted.

Beginning on May 12th, a major ransomware outbreak called “WannaCry” made primetime news and has been the subject of a lot of pain and suffering around the world. Many organizations were affected, from the Russian Interior Ministry to the British National Health Services, and many other private organizations that did not publicly announce they were impacted.

Ransomware is a type of malware that, once executed on your computer, will start turning your files into unreadable gibberish, using a key known only by the hacker. Essentially, the hacker holds the victim’s data ransom, only to be unlocked after a payment is made to them.

Ransomware attacks have grown exponentially in the last few years with a 6,000% increase between 2015 and 2016.  According to research by IBM, 40% of all spam emails contained ransomware. This is a serious threat.  Within one day of the WannaCry outbreak, over 230,000

Within one day of the WannaCry outbreak, over 230,000 computers were affected. It turns out that WannaCry uses an exploit called “EternalBlue” that was part of a toolkit developed by the National Security Agency and leaked by an organization called the Shadow Brokers. EternalBlue was developed years ago, using a vulnerability in Microsoft Windows software that the NSA discovered and kept secret, so they could exploit it to further their goals. While there has been a lot of debate as to whether the NSA should be hoarding these types of secrets as opposed to disclosing it to manufacturers, Microsoft did release a fix that could have prevented this outbreak in March. All of those computers that were hit had not yet applied the fixes.

Like the protagonist in “It’s My Party”, a lot of businesses were feeling like WannaCry made them actually want to cry. But all of this pain could have been avoided by using some of the following approaches:

1. Making sure all computers are up-to-date with patches and other software updates.

2. Backing up information regularly, so that corrupted

3. Backing up information regularly, so that corrupted systems can be wiped clean in the event of an attack, thereby restoring them to a known-good state. Please note: make sure your backup infrastructure can’t be affected by the same outbreak.

4. Perform independent assessments that examine the people, processes, and technologies that you have in place and compare them to security best practices. The goal of these assessments is not to only identify where you may be falling short, but also to obtain an expert’s opinion on the steps you need to take to improve your defenses. Believe it or not, many improvements can be made for free.  Don’t take any chances with ransomware. Those companies affected by WannaCry may have their businesses disrupted for months. Don’t let that be you; because you would cry too if it happened to you.

Want more information on IT Audit & Cyber Security?  Visit www.ocd-tech.com!