The Official Blog of United Solutions

The Core

Protecting Your Credit Union from WannaCry Ransomware Attacks

By: Shea Lambert

July 12, 2017

On Friday, May 12th, 2017, WannaCry ransomware affected 200,000+ computers in over 150 countries. The ransomware targeted computers running Microsoft Windows operating systems, with the goal of encrypting data and demanding ransom payments in the cryptocurrency Bitcoin. WannaCry spread across local networks and the Internet to systems that were already infected with the DoublePulsar backdoor or were vulnerable to the SMBv1 exploit EternalBlue.

When I learned of the cyberattack, the most startling aspect to me was not just the size of the infection, but the speed with which it spread. After reading that Rapid7 has reported over 1 million systems worldwide have port 445 open to the internet, it’s not nearly as shocking. It just shows that the rules of cyber security haven’t changed; they just need to be applied.

Considering this attack, all Credit Unions should continue to utilize a layered approach to security, otherwise known as defense in depth. This tactic allows for the fact that detective and preventative measures can and do fail.  When this happens, other measures are waiting in the wings to defeat an attack.  In this case, a few policies and procedures would have protected an organization. The following are only meant as examples and not an extensive list of good practices. 

A Credit Union’s first layer should be a good patch management strategy. Microsoft released a fix in March for the vulnerability responsible for the rapid spread of WannaCry. The patch was available almost 60 days before WannaCry spread like wildfire on May 12th. While it would be nice if all patches could be successfully rolled out the day of release, it’s not a reality. Often, in the financial services industry, system uptime trumps remediation. The process of planning, testing, approval and rollout can leave systems vulnerable for extended periods. In fact, according to Kenna Security, on average, companies take between 100 – 120 days to remediate existing vulnerabilities, which leads to the need for further layers of security. Ensure your antivirus, IDS/IPS and other security products are updated and using the latest signatures. Major security vendors had signatures in place to defend against WannaCry.

Another layer of security might be a policy to decommission software and operating systems that are end-of-support.  Microsoft quickly released patches for unsupported systems this time; however, that won’t always be the case.  Additionally, consider disabling older, and less secure, protocols like SMBv1 across your network, and employ continuous employee training.  For example, use a service that provides simulated phishing attacks on employees. While WannaCry wasn’t spread via phishing or spear phishing attacks, a good security posture should include continuous training throughout the year. 
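
One way to check a single Windows host for the two exposures named above (SMBv1 still enabled, TCP 445 reachable), as an added example that is not part of the original post. The `-Remediate` switch and the report field names are choices made for this example; the cmdlets are the standard Windows SMB, DISM and NetSecurity ones.

```powershell
# Added example (not from the original post): audit one Windows host for the
# SMBv1 / port 445 exposure described above. Run in an elevated session on
# Windows 8.1 / Server 2012 R2 or later. Read-only unless -Remediate is given.
param([switch]$Remediate)

$report = [ordered]@{ Computer = $env:COMPUTERNAME }

# 1. Does the SMB server (file sharing) side still accept SMBv1 sessions?
$report.SmbServerV1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol

# 2. Is the SMBv1 optional feature still installed on this OS image?
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
$report.Smb1FeatureState = if ($feature) { [string]$feature.State } else { 'NotFound' }

# 3. Is anything listening on TCP 445?
$report.Listening445 = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)

# 4. Which enabled inbound allow rules name port 445 explicitly and apply to
#    the Public profile (or to all profiles)? Port ranges are not expanded here.
$openRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { [string]$_.Profile -match 'Public|Any' } |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '445' }
$report.PublicInbound445Rules = @($openRules.DisplayName) -join '; '

[pscustomobject]$report | Format-List

if ($Remediate) {
    # Stop the server side from negotiating SMBv1 (takes effect without a reboot).
    if ($report.SmbServerV1Enabled) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    # Remove the SMBv1 feature itself; the change completes at the next restart.
    if ($feature -and $feature.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    # Re-read the setting so the operator sees the result, not the intent.
    "SMBv1 server enabled after change: $((Get-SmbServerConfiguration).EnableSMB1Protocol)"
}
```

Disabling SMBv1 can cut off older copiers, scanners and NAS devices that speak nothing newer, so collect the report across the network first and remediate in stages.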

With ransomware, the last line of defense relies on having a good backup. Should all other layers of security fail, you can recover your data from backup. As a part of your backup strategy, consider using a secure cloud backup provider. Using such a service could mitigate the risk of an organization’s near-line backup being exploited.

Shea Lambert

Shea Lambert has been with United Solutions for nearly 14 years. The creative force behind the development and design of new applications and systems at the company, he is also responsible for client security, as well as responding to client needs around the clock.