WannaCry? Why you need to invest in Ransomware Protection NOW!

By May 27, 2017July 9th, 2017Blog, Newsletters

FYI: NONE of our clients were hit with WannaCrypt.

On of the most common objection I will get when presenting managed IT service options to a prospective customer is their belief that what we’re offering is either “too expensive” or that they don’t really need it – “we’ve never had a problem before!”

As you may have heard last weekend, ransomware known as WannaCrypt or WannaCry swept across the globe, infecting over 200,000 individuals in over 150 countries, taking down hospitals and medical centres part of the UK’s NHS and causing damage and destruction globally.

One 22 year old security researcher managed to accidentally stop the spread, but you can bet that this is only a short delay, until its re-unleashed to cause further destruction.

Why?

Firstly, we take proactive steps to ensure their systems are up to date; that old and outdated software is upgraded or replaced; and that best practice security recommendations are implemented.

Secondly, we insist they install a proper Unified Threat Control System thus limiting the chance that any malware on the internet can infect their systems.

Thirdly, we implement a defense-in-depth approach to protecting servers and computers, using industry leading technology which further protects their computers from common viruses as well as ransomware/crypto-malware.

This involves limiting access to trusted websites. We monitor internet access for command and control limiting or content management. We limit user access on the desktop to prevent unauthorized execution of code that would otherwise execute unaware of the user.

Basically, we manage the heck out of your network to keep your network safe and secure.

A lot of work goes into this. I personally spent several hours on Saturday double and triple checking that all these things were exactly as they should be when I was alerted to this new threat – JUST IN CASE!

And, the result, not one of our clients was affected.

You may be safe for now, but,  But what would your customers say if you HAD been affected? Will they call you stupid, or just ignorant? What will the cost be to your business when something does happen – and it’s only a matter of time!

This outbreak wasn’t anything super intelligent. Someone used work produced by the NSA (American spy agency) that was leaked onto the internet and bolted two ideas together, along with an encryption algorithm (they most likely stole from somewhere else) and set it out into the wild cloud we call the internet.   The amazing thing about this particular deployment of malice is how fast it spread, affected over 200,000 machines worldwide, and the bulk in under 3 hours!

Although hundreds of security researchers and journalists have covered the basics, here’s what you need to do to avoid WannaCrypt or any future variants that abuse the DOUBLEPULSAR and ETERNALBLUE exploits written by the NSA.

  • Ensure Microsoft Updates are ON and UP TO DATE
    • Windows 10 was updated in March to fix this issue (MS17-010)
    • Patches for Windows 7, Windows 8.1, Windows Server 2008 R2 and Windows Server 2012 R2 were also fixed by MS17-010
  • If you’re STILL using Windows XP, Windows 8 or Windows Server 2003, Microsoft has released a special patch (that’s how serious this is!!)
    If your wondering… XP, and Server 2003 is no longer supported, however Microsoft kindly patched even these!
  • Disable Samba v1 from your computers
  • Ensure that Samba (Windows File Shares) and Remote Desktop Protocol (RDP) are not accessible from the public internet
  • Ensure your Servers and Computers have up to date anti virus which is designed to stop malware and ransomware
  • Ensure you have working backups…..and better yet… check the backups to make sure they work!

If you’ve got a spare few hours every day to keep up to date with this stuff, to ensure your business that’s great!  But likely your primary business isn’t IT and you are better off with someone, or a team of experts to manage these daily tasks.

If you don’t have the time to keep up to date on this stuff, because you’re busy doing whatever it is that your business does, to service your customers, and generate an income –

Call for a FREE, no obligation security audit to see if your systems are protected AND click HERE Make an Appointment to schedule your Free Network Evaluation and Consultation.

I’d love to discuss how we can protect you.  We offer complete packages that are sure to please your wallet, and your conscience.  Get complete protection for you business NOW for less than an average part-time person. Let us prove it, and show you true Absolute Care.

 

Robert Crossland

Author Robert Crossland

More posts by Robert Crossland