Paramount Software Solutions Inc

Poor Patch Management at the Root of Global Ransomware Attack?

By now, you’ve probably heard about the ransomware that hit 99 countries across the globe. Recent reports suggest the ransomware was able to spread so quickly because companies had failed to apply application and system patches, indicating many institutions may have to revisit their patch management processes.

The Guardian linked the ransomware to a cache of “cyber weapons” allegedly stolen from the U.S. National Security Agency by a group called Shadow Brokers. The ransomware, called “WanaCryptor 2.0” or “WannaCry,” exploited a vulnerability in Windows. Although Microsoft released a patch for that particular flaw, machines without the security update were susceptible to WannaCry.

WannaCry Details and Patch

Once a hacker uses WannaCry to infect a machine, it encrypts all of the files on the computer, notifying the owner that he or she will not be able to access those files unless the victim pays $300 in Bitcoin to a specific web address. You can see the actual message in the tweet below:

As mentioned, Microsoft had already released a patch for the flaw WannaCry exploits. Microsoft Security Bulletin MS17-010 – Critical explains that the vulnerability lies in the way the Microsoft Server Message Block 1.0 (SMBv1) server handles specific requests. A hacker could exploit this flaw by sending a specially crafted packet to an SMBv1 server.

Microsoft did provide a workaround for organizations running Windows 8.1, Windows Server 2012 R2 and later versions that cannot implement patches in the immediate future. For example, sysadmins managing Windows Server can go to Server Manager, click the Manage menu and select “Remove Roles and Features.” In the Features window, sysadmins need to uncheck SMB1.0/CIFS File Sharing Support, click OK, and restart their servers.
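The same workaround can be audited and applied from an elevated PowerShell session on Windows Server 2012 R2 or later. The script below is an added example, not part of the original article or of Microsoft's bulletin; the `-Remediate` switch name is hypothetical, and without it the script only reports the current SMBv1 state.

```powershell
# Added example: audit and, on request, remove SMBv1 on Windows Server 2012 R2 or later.
# Run from an elevated session. Supports -WhatIf to preview changes.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remediate   # hypothetical switch name; omit it to report only
)

# 1. State of the "SMB 1.0/CIFS File Sharing Support" feature
#    (the checkbox that Server Manager exposes under Remove Roles and Features).
$feature = Get-WindowsFeature -Name FS-SMB1

# 2. Whether the SMB server component still accepts SMBv1 sessions.
$smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol

# Emit one record per host so results can be collected across a fleet.
[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    FeatureInstalled  = $feature.Installed
    ServerSmb1Enabled = $smb1Enabled
}

if (-not $Remediate) { return }

# Stop the SMB server from negotiating SMBv1 right away.
if ($smb1Enabled -and
    $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1 on the SMB server')) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}

# Remove the feature itself; this is the step that needs the restart.
if ($feature.Installed -and
    $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Remove the FS-SMB1 feature')) {
    $result = Uninstall-WindowsFeature -Name FS-SMB1
    if ($result.RestartNeeded -ne 'No') {
        Write-Warning 'Restart required to finish removing SMBv1.'
    }
}
```

Run it without `-Remediate` first to see which servers still have SMBv1 installed or enabled, since legacy clients and devices that speak only SMBv1 will lose access once it is removed.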

According to a separate story from The Guardian, WannaCry impacted operations at FedEx, Spanish telecom Telefónica, and the U.K.’s National Health Service. In fact, the NHS had to cancel operations, X-rays and other services as a result of the ransomware.

To protect themselves from future, inevitable ransomware attacks, affected companies should review their application patch management practices to identify opportunities for improvement.

Reassessing Your Patch Management Process

There are a number of things organizations can do to improve their patch management processes. The first step involves cataloging all of the systems they manage and run.

Research from Tripwire found most IT professionals either struggle to keep up with, or are “completely overwhelmed by” how many patches they need to address. Cataloging systems allows administrators to figure out which patches apply to which technologies. The patch management system should, ideally, automatically send patch alerts from software companies to the catalog. That way, sysadmins don’t have to manually enter available updates.

The catalog must also possess a severity rating system similar to the one Microsoft uses to designate patches. For example, Microsoft uses four ratings:

  1. Critical: Vulnerabilities that allow malicious parties to execute code on a machine without having to interact with the owner of the machine.
  2. Important: Flaws that could enable hackers to steal or manipulate a user’s data or a machine’s computing resources.
  3. Moderate: Bugs that are tempered by authentication requirements.
  4. Low: Vulnerabilities that have a negligible impact on the system’s integrity.

Organizations can use whatever rating system is most applicable to them. If the company in question typically uses Microsoft technologies, the aforementioned classification system may be the best option.

Patch management is, obviously, a complicated process. Organizations may benefit from getting outside opinions as to what’s wrong with their current procedures and how to implement improvements. Third-party perspectives may reveal issues internal staff didn’t even know to look for. Once those deficiencies have been identified, the organization can take corrective action.
