What is WannaCry, and why didn’t it make us shed a tear?

On Friday the 12th of May 2017, the WannaCry ransomware attack started: a worldwide cyberattack which targeted computers running Microsoft Windows operating systems by encrypting data and demanding ransom payments in Bitcoin.
Ransomware Trojans have been around for a while now and I can’t deny that they have given me sleepless nights: viruses that can bypass most antivirus filters and encrypt a company’s data. When you run a managed service support company that doesn’t charge for clean-up work if a client gets infected, it means that if we slip up and it gets in, it’s us who will be running around trying to recover the situation (whilst trying not to lose the client!).
Then again, that is exactly why clients hire us. We look after their security patching, their Anti-Virus and their security, so our clients expect us to make sure these things are up to date and secure. If we get it wrong, it’s only fair it becomes our issue, not the client’s.
Historically though, ransomware is spread slowly by malicious emails. It is able to bypass security software because it’s the user who opens the email attachment, and so the user inadvertently gives it permission to start encrypting. As the user has granted permission it is not picked up as a virus.
I won’t go into exactly why WannaCry was different, but rest assured it was. In its simplest form, WannaCry spread by using a vulnerability in Windows Operating Systems, rather than via email. Any machine that had this vulnerability could be infected and there were many vulnerable devices, especially at the NHS!
By Saturday morning we were seeing the full impact; it was front page on BBC News. Friends and ex-colleagues were desperately patching their systems, trying to fix the vulnerability before they got attacked.
But let’s step back. WannaCry spreads due to this vulnerability, not due to users clicking on attachments. Our clients pay us to make sure their machines are patched, and the patch for this vulnerability had been released 2 months earlier!

So what were TechSolvers doing on this disastrous weekend? The simple answer was not panicking. Our systems had already applied the patches. Yes, we double and triple checked, but the systems we look after were secure and patched; our clients were safe.
However, even companies who thought they were up to date with patching may have still had a problem. For years, we have all known that XP should no longer be used. Microsoft neither patch nor support it anymore, so if we had been supporting XP machines, they would have been vulnerable like any other unpatched machine. Thankfully we had been advising our clients for a long time to get rid of XP, and while some initially objected, after explaining that replacing XP was essential for security they eventually all followed our advice. So with no XP machines and everything else patched, TechSolvers’ clients were safe from WannaCry.
Then on Sunday it stopped: a kill switch was found and the virus was disabled around the world in one easy move.
Many companies are still patching this vulnerability, as while it’s stopped for now, it’s highly likely that WannaCry, or a variant of it (with no kill switch), will be back.
So the simplest lesson to learn from this is that systems must be patched, and that if you are running Operating Systems that are out of support (and can’t be patched) it is time to replace them. Do that and WannaCry won’t make you shed a tear.
Even if your company doesn’t need TechSolvers to provide support, we do provide a service called Cloud Secure. This service is simple. It means managed security patching, managed Anti-Virus and managed Web Filtering for all of your devices. If you have concerns about security but are happy with your IT Support then this is a service worth considering.

Note: before I get called out, yes, Microsoft did release a patch for XP, but this was only on the Saturday. They didn’t have to, but due to the scale of the attack, they did. If you think this means that XP is safe, it is not. It left a gap from Friday to Saturday when every XP machine in the world was vulnerable, and if Microsoft hadn’t released a patch (they had previously said they would never patch XP again) then the situation would have been far worse!