This particular ransomware strain, although hitting numerous hospitals in the UK and many other organizations across the world had a kill switch. The ransomware would attempt to connect to a domain with a very long and complex name, if the domain was _not_ live, the ransomware proceeded to encrypt all files. If the domain _was_ alive, it would halt and not cause any harm. A security researcher by accident stumbled upon this info, quickly registered the domain and halted the progress of this malicious strain across the world.
Now, it is likely that the bad guys will release another version shortly, but by then, hopefully other controls such as anti-virus and firewalls/IPS could detect and block this particular type of attack.
So What Can You Do?
Proactive patch management is the single most effective measure you can take to protect your organization from ever evolving vulnerabilities and while many IT departments struggle to keep up, you do have options. You don’t have to bear the burden of risk all on your own, you can offload server monitoring and management, including patching, to a service provider that has security policies and procedures to protect against this very threat.
But if you do get hit, what can you do? Well you can pay up, which most security experts will advise against, but it appears to be the easiest and fastest solution as a looming time bomb, that threatens to destroy your most critical data, ticks away.
Your best alternative to paying the ransom is restoring from Backup. Having a robust data backup solution in place that has been tested and proven to not only work successful backups, but that you can in fact restore your last safe backup. Again, ask yourself if this type of task is the most valuable use of your team’s time, and if you are in fact more vulnerable by trying to go it alone.
At the end of the day, we are all in this together, if you are interested in talking to one of our experts, just let us know.