Reports on the wire indicate that some 300,000 computers were hit by WannaCry, but that only some $94,000 in bitcoin payments were made. It really doesn't sound all that bad when you think about it, so many IT managers and executives are looking sideways at the IT security people and thinking... "I knew it."
Meanwhile those IT security people are still waving their hands around saying "But... but... we're still vulnerable!" because there are still so many unpatched (or un-patchable) systems out there. Heck, I recently bumped into a couple Windows Server 2000 systems running critical business operations. The vulnerable systems are out there and waiting... like so many limping wildebeest, trailing at the back of the herd.
And, sure enough... here come the hyenas. (I was originally going to go with a whole Matrix theme here... but somehow this works better. In theory I should change the title... but nah... I like it.)
Bleeping Computer reports a new worm (hyena pack) in the wild that uses not only the same two NSA tools that WannaCry used, but also five more. What's more, the new worm lacks the kill switch that hacker developers inexplicably placed in the original WannaCry worm, and, possibly scariest of all, it has no immediate destructive payload. Presently, it's just... spreading. I know that doesn't sound that bad... like a spreading cold virus that doesn't make you sneeze... but I shouldn't have to explain that a compromised system is a compromised system. No matter how dormant it may be now, it may not be so dormant tomorrow.
With WannaCry, we could see the dust on the horizon as the herd of hyenas was charging towards us. With a virus that spreads silently, but waits... we won't have that. We'll be in the middle of our mid-morning coffee someday, and suddenly hyenas will jump out of our closet... and every closet of every business that happens to have unpatched systems. Which is a lot of businesses, BTW. Like... almost all of them. Like, honestly, I don't think I've ever walked into a business that wasn't seriously behind on patching in one way or another. Not once in twenty-five years.
It all comes down to the same basic formula:
- Ensure your systems are patched. Always.
- Get old operating systems out of your environment immediately.
- Trust when your IT people say that all systems are patched, but absolutely verify that fact.
And really, most importantly, make security a top priority in your company. Make it a part of every discussion, every day, because even when you dodge one bullet, you know Agent Smith has more coming, and there are more Agent Smiths running around than you can smack down with a light pole.
(There! I got the Matrix bit in there after all!)
Stay (get) safe out there!