Windows XP isn't responsible for WannaCry attacks

The WannaCry Ransomware attack that hit the NHS and businesses worldwide recently captured headlines and brought Ransomware – a topic we’ve been informing customers about for years – into the mainstream media arguably for the first time.

A lot of the national media attention focused on the NHS’ partial use of Windows XP, casually informing users that this was the primary mechanism by which WannaCry was able to infect systems and propagate around IT estates. This gave the unfortunate impression that users running more recent operating systems were somehow protected.

Whilst unpatched and older operating systems were partially vulnerable to the attack, it’s a red herring to blame Windows XP for the attack. In fact, Sophos’ post-attack analysis proved that Windows XP was an ineffective conduit for the infection and was largely blameless for the troubles afflicting organisations such as the NHS.

The attack actually hit Windows 7 machines most significantly; the same Sophos analysis indicates up to 98% of infected devices were running on Windows 7.

The root cause of the issue, and the reason this attack infiltrated so many machines, was down to unpatched systems, regardless of age.

WannaCry exploited a vulnerability in Windows’ Server Message Block (SMB) – a vulnerability that Microsoft patched in March 2017 for all operating systems as far back as Windows Vista.

For those of us in the IT sector who follow cyber security daily through experts including Datto and Sophos, we know the attack comes down to more than a barely-supported Windows XP operating system. But those who don’t work specifically in IT, who will have mostly seen this attack mentioned in the mainstream news, could be misled due to the focus on Windows XP and this could pose a risk to their business.

We know that Windows 7, a supported operating system despite the fact Microsoft is phasing it out, was the OS impacted the most heavily from this attack. But this doesn’t mean that Windows 7 is especially vulnerable either; the Sophos research conclusively showed that it was down to the lack of patching.

This incident highlights the importance of an expert IT department. According to Sophos, the reason businesses like the NHS fell victim to this attack was due to a lack of resources required to patch their systems regularly, consistently and in a verifiable manner.

Understandably, not all businesses have the funds nor the need for an extensive IT department, and that’s OK. Your business of 20 employees doesn’t necessarily need a 5-strong IT team. This is where outsourcing IT support is advisable. You need some level of IT expertise to protect your business, whether that’s in-house or external, or you’re vulnerable to these attacks.

At TSG, we offer a complete IT support and security portfolio, and we can be the experts your business needs. A number of our customers were targeted with the WannaCry Ransomware attack but weren’t even aware of it thanks to the defence-in-depth approach we take to protect them. Some customers only found out when our proactive IT support solution SystemCare reported back to them after it, along with Ransomware-preventing anti-virus Intercept X, stopped the attack in its tracks.

To truly protect your business from all of the threats out there, from WannaCry Ransomware and other cyber-attacks to natural disasters, you must have multiple layers of defence in place. Here’s how your security solution should look:

1. Run a supported, patched operating system

Although a number of businesses who experienced this attack were running supported systems, they were still hit by WannaCry. Running on supported systems mean your OS provider, for example Microsoft, will release security patches regularly. But these supported systems are useless if you don’t install these security patches consistently and rapidly. That so many of the companies hit by WannaCry didn’t have the resource to properly patch their systems is shocking. If there’s one business case for bolstering your cyber security and your IT support – whether that’s in-house or outsourced – this should be it.

2. Use effective anti-virus solutions

It’s widely recognised that anti-virus programmes are one of the best lines of defence for your business and your data, so we won’t go too much into this. We’re partnered with one of the world’s leading cyber security experts, Sophos, and highly recommend its wide-reaching solutions. However, thanks to the proliferation of zero-day attacks, you need additional protection on top of your anti-virus, which will undoubtedly prevent the day-to-day system breaches you could unknowingly be facing. Which brings us to our next item…

3. Ransomware-specific anti-virus

Ransomware is not a new threat, but thanks to advancements in hacker techniques like email spoofing, it’s seen an incredible resurgence in the past two years; 2016 was dubbed ‘the year of the Ransomware’ thanks to the 3,500% increase in attacks. By November 2016, 54% of UK businesses had experienced a Ransomware attack, yet it only made mainstream headlines in May 2017 with WannaCry. See more statistics on Ransomware in our handy infographic.

Sophos’ intelligent Intercept X solution provide an additional layer of protection over and above that offered by a standard anti-virus. Even if a Ransomware attack defeated your anti-virus solution, Intercept X would detect unexpected encryption activity and stop it within seconds. Any files that were encrypted would be immediately and automatically recovered by Intercept X.

4. Informed employees

95% of all cyber security breaches involve human error, so it’s essential that your workforce is vigilant when it comes to cyber security. We’ve recently added Sophos Phish Threat to our product portfolio; this product generates extremely well-crafted, simulated phishing attacks that you can target at your own employees. Fortunately, rather than encrypting files or stealing login details, any users who click a link in one of the simulated emails is directed to some excellent security training materials.
TSG currently uses Sophos Phish Threat to test out own defences and we would highly recommend it to any customers concerned about their internal security culture and levels of awareness.

5. Backup and disaster recovery

The sad truth is that no amount of patching, anti-virus or clever Ransomware-specific technology will necessarily prevent all threats. A robustly-maintained backup and disaster recovery solution is the last line of defence should the worst happen. This means it’s essential you understand how your key systems and data are protected. By implementing a full disaster recovery solution which backs up not only your files, but your systems too as Datto does, you can get your business up and running again in the quickest time possible. This safeguards your business from zero-day threats, all manners of cyber-attacks and natural disasters like fire.

The key lessons from this blog are: don’t believe everything the mainstream media tells you about cyber security, and ensure you have an IT support solution that will protect your business from these ever-evolving threats.

Blog written by Natasha Bougourd with special thanks to Simon Harvey, Head of IT and Business Systems at TSG