WannaCry Ransomware Recap and the Importance of Patch Management — Network Consulting Services, Inc. - NCSi

In the first half of May 2017, a new strain of ransomware emerged. That alone wouldn’t be unusual since the AV-TEST Institute registers over 390,000 new malicious programs every day, and since ransomware attacks on businesses now happen every forty seconds, according to Kaspersky. But this type of ransomware, known as WannaCry, quickly turned out to be far more dangerous than other common ransomware types.

It exploited a critical vulnerability in the Windows operating system called Eternal Blue. This vulnerability was first discovered by the National Security Agency and later made public after a group of hackers known as the Shadow Brokers successfully penetrated servers of the Equation cyber espionage group, stealing a huge collection of data that contained a number of exploits and hacking tools.

By exploiting the vulnerability, WannaCry could rapidly spread itself across an organization’s network, encrypt all data, and demand a hefty ransom from the affected users. Only three days after the initial outbreak, 200,000 computers in over 150 countries were infected. Hospitals couldn’t access their patient clinical information systems, banks were unable to process transactions, and businesses were losing revenue with every second of downtime.

WannaCry was slowed down only after British security researcher MalwareTech discovered a built-in kill switch. It turned out that WannaCry was built to look for a certain domain before beginning the encryption process. When MalwareTech registered the domain, he single-handedly disabled WannaCry.

Two days later, the creators of the original version of WannaCry released a new version. The new version failed to cause any significant damage because it featured a similar kill switch, which allowed security researcher Matt Suiche to register another domain and point it at the same sinkhole server as the first one.

As effective as the activation of the hidden kill switch was at slowing down WannaCry, it doesn’t help devices that have been encrypted by the ransomware, and it also doesn’t stop the spread of the original version of WannaCry and all other subsequent versions. The only effective protection against a WannaCry infestation is the available Windows update. Ivanti, a provider of endpoint and server patch management solutions and IT security products, offers a free 90-day patch license that allows anyone to swiftly patch workstations and servers against WannaCry from the SCCM console with no added infrastructure or training. All patches available through Ivanti are thoroughly tested by the company’s patch content engineers to ensure proper patch compliance. Ivanti’s patch management solution is the ideal first line of defense against all types of modern malware.

Lackluster Operating System Patching Is to Blame

Perhaps the most astounding aspect of the WannaCry outbreak is the fact that, two months prior to the attack, Microsoft had released a critical update that fixes the exact same vulnerability that was exploited by the attackers. “This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server,” stated the executive summary published on March 14, 2017.
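A host-level check that follows from the bulletin quoted above, as an added example that is not part of the original article or any vendor's tooling: it reports whether the SMBv1 server is enabled and whether an operator-supplied update ID is installed. The `$RequiredKb` value is a placeholder, since the article does not list update IDs and they differ per Windows version; the script assumes PowerShell 3.0 or later.

```powershell
# Added example, not from the article. Run from an elevated PowerShell prompt.
param(
    # Update IDs differ per Windows version and are not listed in the article;
    # replace this placeholder with the IDs from Microsoft's bulletin.
    [string[]]$RequiredKb = @('KB0000000')
)

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later expose the setting through a cmdlet.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        if ((Get-SmbServerConfiguration).EnableSMB1Protocol) { return 'Enabled' }
        return 'Disabled'
    }
    # Older systems: the SMB1 registry value; a missing value means enabled.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    if ($null -ne $val -and $val -eq 0) { return 'Disabled' }
    return 'Enabled'
}

$hotfixes  = @(Get-HotFix)
$installed = @($hotfixes | ForEach-Object { $_.HotFixID })
$found     = @($RequiredKb | Where-Object { $installed -contains $_ })
$latest    = $hotfixes | Where-Object { $_.InstalledOn } |
             Sort-Object InstalledOn | Select-Object -Last 1
$smb1      = Get-Smb1ServerState

# A missing ID is not proof of exposure: later cumulative updates can
# supersede the original one, so treat NeedsReview as a prompt to verify.
[pscustomobject]@{
    ComputerName    = $env:COMPUTERNAME
    Smb1Server      = $smb1
    RequiredKbFound = $found -join ','
    LastHotFixDate  = $latest.InstalledOn
    NeedsReview     = ($smb1 -eq 'Enabled') -or ($found.Count -eq 0)
}
```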

The problem is that most companies take an average of 100-120 days to patch vulnerabilities, according to Kenna Security’s Remediation Gap report. That’s almost twice the amount of time they had before the WannaCry outbreak. The same report also states that the chance of a vulnerability being exploited hits 90 percent between 40 and 60 days after discovery.

A survey by Enterprise Management Associates confirms that cyber security professionals feel overwhelmed by the volume of vulnerability maintenance work they face. “A full 79 percent of those cybersecurity professionals report that the patching approval process their organization relies on is mostly manual…64 percent admit that threat alerts are not addressed each day, and another 52 percent report that threat alerts are improperly prioritized by systems and therefore must be manually reprioritized,” wrote Mike Vizard, summarizing the survey for Barracuda.

Clearly, businesses and organizations must work hard to improve their software patching processes. While vendors release critical patches all the time, IT administrators seldom find out soon enough, instead relying on anti-malware software to keep malware at bay. Even when IT administrators are aware that a critical update has been issued, they need to first test its impact before they can apply it.

A more effective solution is needed, one that would automate operating system patching and keep third-party applications up-to-date. For years, Ivanti has been providing IT systems management, security management, service desk management, asset management, and process management solutions to organizations worldwide. “Customers use Ivanti to manage over 250 million desktops, servers, and mobile devices—unifying resources, automating the delivery of assets, and improving ROI. We help you enhance worker productivity while maintaining security management. Working with a variety of markets, Ivanti enables a new dimension of business success,” states the official website.

In the wake of the WannaCry outbreak, Ivanti is offering a free 90-day license for their patch management solution, with unlimited nodes, so you can protect your entire enterprise.

With Ivanti, it’s possible to easily and automatically evaluate, test, and apply OS and app patches enterprise-wide; patch third-party apps from the SCCM console with no additional infrastructure or training; and keep Windows servers and endpoints updated without taking on the extra time and resources and increased risk of human error that regular patching methods entail.

Why spend time and money on patching when there are mature patch management solutions that allow you to focus on your core business, improve your security, and reduce overhead, all at the same time?