WannaCrypt/WannaCry may best be remembered as the cybersecurity breach that convinced enterprises the world over that ransomware is a threat that is never going away. Already, multiple variants of the original code have been discovered “in the wild.” As has at least one new malware “worm” that reportedly takes advantage of the vulnerability exploited by WannaCrypt/WannaCry originally.
More such variations are likely to appear, soon and for some time to come. As are ransomware and malware threats that seek to exploit entirely different vulnerabilities, both old and new. And the “arms race” between online malefactors and those seeking to business online without disruption seems destined to continue indefinitely.
Your enterprise therefore needs a two-phase strategy, one that extinguishes the immediate fires of WannaCrypt/WannaCry and its variants, and fireproofs your enterprise against future threats. Herewith, four best practices you can use now and for the future.
A “forever” threat requires a “forever” strategy of multi-layered protection. Ivanti Chief Security Officer (CSO) Phil Richards developed a set of four best practices for dealing specifically with the WannaCrypt/WannaCry threat. I have taken the liberty of tweaking his recommendations to apply them to ransomware and malware threats generally.
1. Educate all your users, all the time
Ransomware gets into networks through phishing or other types of online social engineering. And no one is immune to clicking on a bogus email, attachment, or Web link that turns out to be a malware delivery vector. Train everyone, from executives to IT and cybersecurity staff, not to click on unknown or unexpected emails, attachments, or links—and to report them to your IT or cybersecurity team immediately.
2. Update your patches, and keep them updated
To slow the spread of WannaCrypt/WannaCry, update your Microsoft patches immediately—specifically MS17-010. To help maximize protection against malware and ransomware, get and keep your endpoint and server patches and updates up to date. Start with your most business-critical servers and endpoints, then add others as soon as possible.
3. Update your antivirus software, and keep it updated
Run effective antivirus software on all endpoints. If your virus definitions are one week out of date, the AV will not recognize this ransomware.
4. Limit admin rights and block rogue software
Restrict administrative privileges to those who really need them, deactivate them where they’re no longer needed, and allow only authorized, “whitelisted” software to run. Malware such as WannaCrypt/WannaCry would not be as successful as it is if it did not have access to admin privileges, and it would not run at all if it were not on the list of authorized software.
Make your anti-ransomware strategy real with Ivanti
Your strategy must be supported by technologies that enable your enterprise to detect, prevent, and remediate ransomware and malware attacks of all types, rapidly and comprehensively. Ivanti has solutions that can help you combat ransomware and malware, patch your Windows clients, other endpoints, and servers more effectively, and control admin rights and allowed applications easily and with no user pushback. We have partners, professional services, and expertise to help you at every phase of your cybersecurity journey. And if your enterprise has been infected by WannaCrypt/WannaCry, we’ve even got free software to help you “Get Well Quick.”
We’re here to help you evolve IT at your enterprise, to maximize its security, agility, and business value. Get in touch, and let’s start helping you to defeat ransomware and enhance cybersecurity, now and for the future.