WannaCry and others. Ransomware is here to stay, what can you do today?
In layman's terms, leaving unused services like this open is like leaving your front door unlocked and then being shocked when a thief walks in. So, if you don't need a specific service or port, shut it down. Microsoft tries to make Windows as easy to use as possible, but that doesn't necessarily go hand in hand with security. The vulnerability that was exploited by WannaCry is only one of many examples.
The situation gets even worse when, for a variety of reasons, companies and individual users have a sloppy security posture. This vulnerability had been patched by Microsoft in March, but most users, especially corporate users, had not updated their systems yet.
Traditionally, companies apply updates more slowly because they normally do so only after imaging their systems. This is another reason to consider switching to a different operating system. The fact that Windows is the most popular operating system, together with its many vulnerabilities and problems, makes it an easy target for cyber criminals. Other operating systems such as Linux, though they have their vulnerabilities as well, are much less likely to be attacked this way. That doesn't mean a UNIX/Linux operating system cannot get hacked, but it can't be done the same way as on Windows, and there are fewer malware variants available. In other words, attackers go where the big money is, and most desktop computers in the world run Windows.
- Update your system immediately, as Microsoft has released a patch.
- Don't trust anything or anyone. If you get an email from an unknown source, even if it looks legitimate, never click on the links embedded in it, and if you really need to open them, do so inside a virtual machine.
- Avoid using Windows as long as possible. That doesn't guarantee you cannot get infected, but it's more unlikely.
- Perform frequent backups and keep them stored off-line on an external hard drive.
- If you receive any suspicious email attachments, delete them right away, regardless of their file extension (it doesn't always need to be, or appear to be, an .exe file).
- If one or more clients get compromised, disconnect them immediately from the network.
- If your company uses cloud storage, disconnect infected clients to prevent them from syncing to the cloud.
- If you haven't performed a backup already (really??), do it now.
- Be ready to re-image the infected machine(s), if it comes to that.
- Re-connect infected machines to the network only after making sure they're running a clean and trusted configuration.
- Be aware that these guys are after quick and dirty money; if you're not an easy target, they might move on to easier prey, and that's what you need to hope for.
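As an added example (not code from the original post), here is a PowerShell audit that turns two pieces of the advice above, shut down services and ports you don't need and make sure updates are applied, into something you can run on a Windows host. It assumes Windows 8 / Server 2012 or newer so the network and SMB cmdlets are available; the SMBv1 check is there because that is the file-sharing protocol version WannaCry's worm component used to reach other hosts.

```powershell
# Added example, not code from the original post: a read-only audit of a Windows
# host for the two exposures discussed above, services listening that you may not
# need and updates that have not been applied. Run from an elevated PowerShell
# 5.1+ session on Windows 8 / Server 2012 or later (assumed, so that the
# NetTCPIP and SmbShare cmdlets are available). Nothing here changes the host;
# remediation commands are printed for you to run deliberately.

# 1. Every listening TCP endpoint and the process behind it. Anything you cannot
#    name a business reason for is a candidate to stop, disable, or firewall.
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalAddress -notin @('127.0.0.1', '::1') } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $name = if ($proc) { $proc.ProcessName } else { '?' }
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            ProcessId    = $_.OwningProcess
            ProcessName  = $name
        }
    } |
    Sort-Object LocalPort, LocalAddress -Unique |
    Format-Table -AutoSize

# 2. SMBv1, the file-sharing protocol version WannaCry's worm used to reach other
#    hosts. Most networks have no legacy device left that still needs it.
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    Write-Warning 'SMBv1 server is ENABLED. To disable it:'
    Write-Warning '  Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force'
    Write-Warning 'To block inbound SMB entirely on a host that shares no files:'
    Write-Warning "  New-NetFirewallRule -DisplayName 'Block inbound SMB' -Direction Inbound -Protocol TCP -LocalPort 445 -Action Block"
} else {
    Write-Output 'SMBv1 server is disabled.'
}

# 3. Patch currency. A host whose newest hotfix is weeks old is the "had not
#    updated yet" case the post describes; compare the date against the latest
#    Microsoft monthly release.
$last = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1
if ($last) {
    Write-Output ("Newest hotfix: {0} installed {1:yyyy-MM-dd}" -f $last.HotFixID, $last.InstalledOn)
} else {
    Write-Warning 'No hotfix with an install date found; check Windows Update history manually.'
}
```

Run it on a handful of representative machines before the next patch cycle; the listening-port table is the quickest way to spot the "front door left unlocked" the post warns about.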