eDiscovery Daily Blog

Ransomware Makes You Wanna Cry: Cybersecurity Trends

This must be our month for ransomware stories.  Unless you have been living under a rock for the past several days, you’ve undoubtedly heard about the WannaCry virus that has been attacking Microsoft Windows machines without up-to-date security protections.  If you have been living under a rock, allow me to provide some information here.  :o)

According to the BBC (Cyber-attack: Is my computer at risk?, written by Zoe Kleinman), as of Sunday, there are “believed to be more than 200,000 victims in 150 countries.”  That figure is “likely to grow as people switch on their computers on Monday if their IT has not been updated and their security systems patched over the weekend.”

The WannaCry virus infects machines running Windows operating systems and is distributed by a recently leaked attack tool developed by the National Security Agency. Those who don’t update their Windows operating systems or are careless when opening and reading emails could be at risk.  However, the virus is “self-replicating”, so it can spread from vulnerable machine to vulnerable machine, even if you weren’t the one who opened the questionable email.

According to Ars Technica (WCry is so mean Microsoft issues patch for 3 unsupported Windows versions, written by Dan Goodin), the virus is so pervasive that “Microsoft is taking the highly unusual step of issuing patches that immunize Windows XP, 8, and Server 2003, operating systems the company stopped supporting as many as three years ago.  Microsoft also rolled out a signature that allows its Windows Defender antivirus engine to provide ‘defense-in-depth’ protection.”

People who are running unpatched machines should take action immediately. The best measure is to patch the vulnerability using this link for supported versions or this one for XP, 8, and Server 2003. Those who can’t patch should ensure their computers are locked down by, among other things, blocking outside access to ports 138, 139, and 445. They should also disable version 1 of the Server Message Block protocol.
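For machines that can't be patched right away, the lockdown steps above look roughly like this in PowerShell. This is an added example, not something from the sources quoted in this post; it assumes Windows 8 / Server 2012 or later, an elevated PowerShell session, and that the host firewall's Public profile stands in for "outside access" (the rule names are made up for illustration). A perimeter firewall should block the same ports.

```powershell
# Added example: assumes Windows 8 / Server 2012 or later, run as Administrator.

# 1. Report whether the SMBv1 server is enabled, then disable it if so.
$smb = Get-SmbServerConfiguration
Write-Output "SMBv1 server enabled before change: $($smb.EnableSMB1Protocol)"
if ($smb.EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}

# 2. Block inbound traffic to the ports named in the post.
#    138 is the NetBIOS datagram service (UDP); 139 and 445 carry SMB (TCP).
#    Assumption: the Public profile approximates "outside" networks. Widen
#    the profile only if nothing on the network needs Windows file sharing.
$profileName = 'Public'
$blocks = @(
    @{ Name = 'Example - block inbound UDP 138'; Protocol = 'UDP'; Port = 138 },
    @{ Name = 'Example - block inbound TCP 139'; Protocol = 'TCP'; Port = 139 },
    @{ Name = 'Example - block inbound TCP 445'; Protocol = 'TCP'; Port = 445 }
)
foreach ($b in $blocks) {
    # Skip rules that already exist so the script can be re-run safely.
    if (-not (Get-NetFirewallRule -DisplayName $b.Name -ErrorAction SilentlyContinue)) {
        $params = @{
            DisplayName = $b.Name
            Direction   = 'Inbound'
            Action      = 'Block'
            Protocol    = $b.Protocol
            LocalPort   = $b.Port
            Profile     = $profileName
        }
        New-NetFirewallRule @params | Out-Null
    }
}

# 3. Verify: SMBv1 should now read False and all three rules should be listed.
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol
Get-NetFirewallRule -DisplayName 'Example - block inbound*' |
    Select-Object DisplayName, Enabled, Direction, Action
```

None of this replaces the patch; it only narrows exposure until the update is installed.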

According to Ars Technica, “Friday’s attack could have been much worse, had the perpetrators not slipped up by failing to register an Internet domain that was hardcoded into their exploit as a sort of ‘kill switch’ they could activate if they wanted to shut down the worm. That made it possible for a quick-acting researcher to register the domain and stop much of the attack just as it was gaining momentum.  A new attack could come at any time.”

Ransomware attacks, and what to do about them, is one of the topics we’ll be discussing at our webcast on Wednesday, May 31.  For more info on where to register, click here.

So, what do you think?  Are you protected?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.