Tips for Local Governments in the Aftermath of the WannaCry Ransomware Attack
May 15, 2017
Last Friday saw the biggest cybersecurity attack (yet).
Known as WannaCry, this powerful ransomware targets a vulnerability in Microsoft Windows to infiltrate systems and encrypt most or even all of the files on a user's computer. The attack spreads by multiple methods, including phishing emails and, on unpatched systems, as a computer worm.
While MRSC is not aware of any Washington State cities or counties that were impacted by WannaCry, there have been a number of ransomware attacks on local governments nationwide. Any Windows-based computers and computer networks that haven't been updated recently are particularly vulnerable to this latest attack. However, the reality is that no network is invulnerable.
What You Need to Do
Firstly, make sure that your IT team has installed the Windows security patch that corrects the vulnerability exposed by WannaCry.
- Microsoft released patches for its newest operating systems (Windows Vista, 7, 8.1, and 10, and Windows Server 2008-2016) in March, but your jurisdiction may be one of the many organizations that don’t automatically update systems because this activity can screw up legacy software programs.
- Additionally, some organizations may have simply disabled automatic updates, especially those who run older versions of Windows, so last Friday Microsoft released security patches for these versions (Windows XP, Windows 8 and Windows Server 2003).
Make sure your Antivirus (AV) software is updated. Most AV vendors have now added detection capability to block WannaCry.
Deploy firewalls and train staff not to open suspicious email or attachments. See these best practices for email-based threats.
Keep your operating systems current and update antivirus software regularly. This seems like a no-brainer but some organizations have policies or practices that may impede this activity or are in contract with a 3rd party vendor and only that vendor can approve/initiate updates.
Create a formal structure around backing up files (and network) regularly. WannaCry encrypts files stored on local systems and network shares. Protect critical data by creating different networks and restricting user access to these via data categorization and/or network segmentation.
Restrict access to network resources (ransomware can only encrypt what it can access, or what the machines it can propagate to can access) and block unnecessary ports.
Disable the SMB protocol on systems that do not require it. Running unneeded services gives more ways for an attacker to find an exploitable vulnerability.
WannaCry exposed a painful truth about IT: When the basics are ignored due to oversight or because the organization is forbidden from taking action, things that should be easily prevented can cripple a network. Now is a good time to review your IT policies and practices so that your jurisdiction is better prepared for the next major cyberattack.
MRSC is a private nonprofit organization serving local governments in Washington State. Eligible government agencies in Washington State may use our free, one-on-one Ask MRSC service to get answers to legal, policy, or financial questions.