Q: I only had one customer who was affected by last month’s WannaCry attack. Moving forward, we want to continue to be proactive in keeping our customers safe. What is the next big ransomware variant on the horizon, and what can we do to protect our SMBs against it?
It’s certainly hard to predict what the next big ransomware attack will be, which is why it’s important to have technical safeguards in place for your SMB customers. With the recent NotPetya attack surfacing, it appears that ransomware won’t be taking a break anytime soon, so you need to educate your customers about ransomware now.
To dive deeper into the specifics of why WannaCry was so successful, how NotPetya surfaced, and how to safeguard your SMB customers from future threats, we spoke to Paul Hanley, the desktop support specialist at Intronis MSP Solutions by Barracuda. Here are his tips and advice on how to keep your SMB customers safe.
The recent threat landscape
The past few weeks have certainly put ransomware back in the spotlight. First, the WannaCry attack went global in a matter of days, and now the NotPetya attack has hit businesses hard. The attacks seem to have stemmed from a vulnerability leak from a famous hacker group called the Shadow Brokers. This leak contained multiple zero-day exploits, including EternalBlue, which was the vulnerability that WannaCry used to infect thousands of computers in May. Microsoft released a patch back in April to safeguard users from attacks against nine vulnerabilities on the Shadow Brokers NSA exploit list — including EternalBlue — but numerous end-users who were on legacy systems or hadn’t patched their systems fell victim to the attack.
NotPetya is still very new on the threat landscape, but it has already hit companies with major infrastructure, such as the pharmaceutical company Merck. The variant started spreading like Petya, but as the attack continued, it became apparent very quickly that this isn’t a new variant—it’s a new attack. Microsoft is continuing the investigation, and we will probably receive more details in the coming weeks.
But what’s next? While no one can accurately predict which threats will emerge next, the two most recent attacks are a sign that the next major attack will likely exploit another vulnerability from the Shadow Brokers’ leak. Both NotPetya and WannaCry have taken advantage of these vulnerabilities, so we’ll probably see a few more variants before hackers move on to the next big thing.
Protecting your SMB customers from advanced threats
Today, everyone is at risk for a ransomware attack—no matter how big or small your business is. Keeping business-critical data safe is no easy task, and you and your SMB customers could fall victim to the next attack. To reduce your chances of being hit with an advanced threat, follow these best practices.
Secure commonly exploited threat vectors. Threats can infiltrate networks in various ways. To mitigate risks, deploy robust solutions, such as an email security solution and a next-generation firewall, and secure web applications, remote users, and the network perimeter.
Educate users on how to detect social engineering threats. Phishing attacks and spear phishing attacks continue to become more sophisticated—and even savvy users fall victim to them daily. Continue to educate your SMB customers on how to identify phishing attempts and protect their organization from these threats.
Keep systems updated. It only takes one vulnerability to leave a backdoor open on a network. WannaCry highlighted the importance of keeping up with routine patches. Businesses tend to be slower to implement patches in their network in order to make sure the patch will work with their current environment. Don’t wait too long to implement a patch, though, because it could leave you and your SMB customers vulnerable to an attack.
Back up business-critical data often. Find a reliable backup solution that enables you to restore business-critical data to meet short RPO and RTO times, and then test the backups often. If one of your SMBs falls victim to an attack, you can simply restore from the most recent backup set to get them back up and running quickly.
Your SMB customers can fall victim to an advanced threat at any time, but putting the right solutions and procedures in place can help mitigate the risks and severity of an attack. While no one knows what the next big thing will be when it comes to ransomware, following these best practices could save you and your SMBs down the road.