Recently the United States Computer Emergency Readiness Team (US-CERT), an organization within the Department of Homeland Security’s (DHS) National Protection and Programs Directorate (NPPD) and a branch of the Office of Cybersecurity and Communications’ (CS&C) National Cybersecurity and Communications Integration Center (NCCIC), encouraged users and administrators to review a recent article from the Federal Bureau of Investigation (FBI) regarding Building a Digital Defense with an Email Fortress.

Are we have discussed in many posts before, phishing — the fraudulent practice of sending emails purporting to be from a reputable entity to induce an individual to reveal privileged information such as a password — remains a major security threat.  Within the article, the FBI provides several helpful actions for businesses can take to reduce their risk of being phished, including reporting and deleting suspicious e-mails, and making sure that countermeasures such as firewalls, virus software, and spam filters are robust and up-to-date.

We encourage each of our readers to review the FBI’s guidance and consider whether their organization could benefit from any of the methods of protection provided.

Companies with any questions regarding any of these issues should not hesitate to contact the team at Mintz Levin.

UPDATE:  Europol chief Rob Wainwright told the BBC, “Companies need to make sure they have updated their systems and ‘patched where they should’ before staff arrives for work on Monday morning.”

By now, you may have heard about the global ransomware attacks affecting organizations throughout the world. Estimates range from between 150,000 to 200,000 groups in nearly 150 countries, and those numbers could be higher.  The ransomware variant, called “Wanna Decryption” or “WannaCry” works like any other ransomware: once it is inadvertently installed, it locks up the organization’s data until ransom is paid. Here are some quick facts about the WannaCry attack and suggestions for avoiding it.

How does ransomware get onto a system generally? 

Ransomware installs on a victim’s computer when a user clicks on a malicious link in a “phishing” email (or an email designed to trick the user into thinking that it is from a known or legitimate source). Ransomware can also be downloaded through infected file attachments or visiting a website that is malicious in nature. WannaCry appears to be delivered through links in phishing emails. You can read more about ransomware generally here, here and here.   See graphic of malicious file message.

How does WannaCry work? WannaCry affects systems that are behind in their Windows patching. There is actually a patch for the vulnerability exploited by WannaCry (see, US-CERT article on Microsoft SMBv1 Vulnerability and the Microsoft Security Bulletin MS17-010).   See the following links for additional technical information:

Is any system particularly vulnerable? 

Because Windows Server 2003 or older, and Windows XP or older on the desktop, have been discontinued by Microsoft and are unsupported, these systems are particularly vulnerable. In response, Microsoft has taken the highly unusual step of releasing emergency security patches to defend against the malware for these unsupported versions of Windows, such as XP and Server 2003. Everyone should be actively checking systems and updating.   This may be the first time that Microsoft has ever issued patches for decommissioned software.

What are immediate steps for an organization that is attacked?

An organization that is attacked should immediately isolate the affected systems and networks to avoid the spread of the malware and contact law enforcement.

How can a WannaCry victim regain access to data? 

Once WannaCry or other ransomware installs and locks up a victim’s data, the only alternatives are: 1) restore data from clean backup systems; or 2) pay the ransom.

How can WannaCry and other types of ransomware be avoided?

  • A comprehensive and continually updated security risk assessment
  • A security risk assessment that doesn’t address ransomware is out of date
  • Workforce training on ransomware – make sure that the workforce understands the importance of avoiding suspicious email messages, links and attachments
  • Workforce testing on ransomware – send suspect phishing emails and see how many click on the suspicious links.
  • Maintain comprehensive data backup systems – make sure that they are easily accessible in the event of an emergency (practice accessing them in a non-emergency)!

We will provide further information on the WannaCry attack as it becomes available.