cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion

Ransomware and how Wannacry affected the world

Hi All

 

Read and digest over your morning Coffee:  https://securityintelligence.com/articles/wannacry-worm-ransomware-changed-cybersecurity/?utm_medium...

 

Regards

 

Caute_cautim

4 Replies
CISOScott
Community Champion

Here's how it changed my world. When it hit the local National Public Radio station and my boss' boss heard about it, she called me and my boss (Deputy CIO, CIO) down to her office and asked were we affected by the WannaCry "virus". We did some vuln scans and found 10 machines that were susceptible to it and we patched them.

 

Because it hit the mainstream news, we had to fix it right away. Not that we weren't already looking for it, but because she heard about it, we had to take immediate action. We knew after that, that if any new "virus" hit the news we had better be prepared to walk down the hallway and explain it to her.

Caute_cautim
Community Champion

@CISOScott    Yes, I remember it well, I received a phone call from a client on a Saturday morning.  The PoS terminals had gone down in the High Street store.   I rapidly had to obtain executive permission to engage, and bring in the Incident Response troops.  They were connected across a flat network to Australia with no filters, no bumps between  - it sweep through their stores in New Zealand and Australia    We went into Incident Response Mode with a team of coordinating and triaging, rebuilding Microsoft AD's and patching systems and putting fingers in the walls of the dikes to ensure they could open on Monday morning at 0900 hours during normal trading hours. 

 

We succeeded, it took a further week to sweep from both ends to isolate, patch, clean, and re-build all the MS ADs etc.

 

What a horrible weekend.....

 

Regards

 

Caute_cautim

HTCPCP-TEA
Contributor I

Remember it well. 

 

The look of shock in my director's eyes when I laughed very loudly at being called into the office to "Deal with it"!

 

Being a security pro, former "Black-hat" and enjoy malware research etc, it puts things like the EternalBlue exploit leak top of the Xmas tree for me. So seeing the chat exploding prompted to double check the asset list and be sure. 

 

By the time I received the call, it had already been dealt with (on the handful of machines out of date etc), but the fact that Zepto, Emotet and Conficker had already previously hit us and been addressed by the team with little more than a rumble at the director level said volumes about where the company were. 

 

Several people have since "left" and the posture has somewhat been, changed.....Funny what mainstream media can do to those who have little clue about what happens around them....

Steve-Wilme
Advocate II

It brought a lot of focus to basic security hygiene, which has been lacking in many organisations.  A ransomware attack should result in you being patched up to date very rapidly and it should stick in place, as the war story of handling the incident will be fresh in people's minds.  But roll forward 5 years, a significant number of those that remember it will have moved on and basic security hygiene is more likely to have been cost cut or deprioritised.  Things just tend toward entropy over time.

 

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS