WannaCry ransomware highlights need for protection

Here are five steps to help prevent a cyber loss

A quickly spreading ransomware attack that affected more than 200,000 computers globally seems to have slowed its spread, although most security experts expect a quick resurgence in a new form.

Businesses and computer users around the world were confronted with a message on their screen stating that their files had been encrypted and in order to restore their system they must pay between $300 and $600 in Bitcoin.

The ransomware, known as WanaCrypt0r, Wanna Decrypt, WCry or Wanna Cry, leverages a security flaw in Microsoft Windows that was widely reported in March and patched.

However, not all Windows users installed the patch or were able to patch their systems. The ransomware impacts users of older versions of Windows that cannot be updated, such as Microsoft XP, and pirated copies of the operating system, which are more frequent in Russia and China where the ransomware has proliferated and wrought the most damage.

Security experts warn that the while the proliferation of the WannaCry ransomware was stanched, the intervention likely is only temporary. Taking the preventive actions listed below will help to protect businesses and individuals from damaging ransomware attacks.  Here are five steps to follow to mitigate ransomware attack:

  1. Install Windows Updates. If you have not already installed the most current Windows update, do it now. If you have your system set to automatically install updates, great. You have done as much as you can to protect yourself at the operating system level.If you can afford to upgrade to the current version of Windows and your hardware can handle it, now would be a good time to do so. If you are still running Windows XP, as much as you may love it, you’re asking for trouble. There are simply too many documented vulnerabilities in Windows XP to justify using it for any critical function. If you cannot patch, consider network segmentation.
  2. Backup Critical Data. Backup critical data to the cloud and to removable storage. Redundancy is important when it comes to data backups. The more backups you have, the more likely it is that you will be able to successfully restore your data. Many of the strains of ransomware currently circulating are capable of infecting connected networks and cloud connections, so having a backup to a removable device is a good plan.
  3. Employ an Antivirus Program. Antivirus programs catch most malware. Keeping your software up to date will keep most threats away.
  4. Train Employees. Perhaps the most important thing business owners can do is to train employees to spot and prevent ransomware that starts off as a phishing email. A good first step is to train employees and to continue to reinforce training periodically. This should be offered especially to those who are responsible for accounts payable, human resources records and funds that will be transferred in real estate.Employees should be directed to refrain from clicking links in emails and to confirm that the sender actually sent an attachment before opening it. Even if the email appears to be from a trusted source, employees should copy and paste links into a browser to see what the link is before attempting to navigate to the web page.
  5. Check your insurance policy. If you have taken as many steps as you can to protect yourself from ransomware and still find yourself a victim, check your insurance policy. Many cyber insurance policies provide coverage for extortion and other ransomware attacks. Not only is indemnification often provided for ransom, systems restoration and business interruption losses, but your carrier may have access to specialized services that can also speed your way to recovery.

 

© 2017 The Hartford Steam Boiler Inspection and Insurance Company. All rights reserved. This article is for informational purposes only and does not modify or invalidate any of the provisions, exclusions, terms or conditions of the applicable policy and endorsements. For specific terms and conditions, please refer to the applicable coverage form.

Monique Ferraro

Monique is counsel in Munich Re’s US Cyber Practice at HSB. Previously, she was principal at a digital forensics, e-discovery and information security consulting firm and owner of a law firm. Ms. Ferraro is a Certified Information Systems Security Professional.

Submit a comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s