Welcome to the Monday morning aftermath of WannaCry, which some security experts are calling the largest ransomware outbreak in history. If you took Friday off or happened to be unplugged over the weekend, you may just be learning that the world has experienced the largest distributed ransomware attack in recorded history.
How Bad Was It?
One organization that felt the brunt of this attack was the UK’s National Health Service. The malware took down 16 providers and, in some cases, caused the denial of medical treatment and surgeries for noncritical care issues. However, many businesses and government organizations in Europe, Asia, and the United States were also hit. At last count, WannaCry has affected 200,000 users in 150 countries.
While the impact of this attack was extensive and widespread, there could have been an even greater financial hardship if the EU’s Global Data Protection Regulation (GDPR) that is scheduled to take effect next year had already been in place. According to the GDPR compliance requirements, a ransomware attack such as WannaCry would have resulted in massive data-privacy breaches and triggered fines for a large segment of global businesses, which could have been astronomical bordering on apocalyptic.
How Did It Happen?
The WannaCry attack took advantage of a known vulnerability called “EternalBlue” that affects the SMBv2 protocol via remote execution on Windows Systems and that can self-replicate and expand its footprint automatically. By the time I get my coffee this morning, I have no doubt that the “talking heads” on the major news networks will be throwing Microsoft under the bus for having yet another exploit on something they provided a patch for almost 60 days ago and not continuing to support 15-year-old operating systems, or bemoaning supposed NSA hacking tools being released into the anarchy of the Internet. However, the one thing that no one is talking about is the impact of this attack on data and data protection as part of a vulnerability management strategy.
How Can You Recover?
At Druva, we spend a lot of time thinking about how to leverage the cloud to protect critical information, no matter where it lives. One of the areas that we focus on explicitly is how to protect our customers from the impacts of ransomware. While it’s important to include system patching and modern endpoint security solutions in your organization’s operational strategy for dealing with known vulnerabilities and ransomware like WannaCry, they don’t address the needs of the business once an attack occurs. This leaves you with two options:
- Pay the ransom. One option is to pay the ransom and hope you get your data back, which in turn makes you a bigger target for more attacks. Last I checked, hope is not a strategy.
- Restore the data. Another option is to try to recover with whatever legacy backup solution is already in place. But what will you do when ransomware attacks your organization’s data in places that traditional backup solutions don’t protect, such as mobile devices and cloud applications?
How Druva Can Help
Druva is the only cloud-native data protection solution that lets organizations securely manage critical business data on-demand and at-scale in the public cloud, while providing real-time threat intelligence and immediate data recovery. This solution covers all organizational data sources, including servers, databases, virtual machines, endpoints, mobile devices, and cloud applications, which provides organizations with a 360-degree view of the data attack surface.
Druva addresses ransomware with:
- Complete Data Protection—for endpoints, cloud applications (Office 365, Box, G Suite and Salesforce) and servers—optimal for ransomware protection.
- Anomaly Detection—constant monitoring with machine-learning-driven anomaly detection, to trigger immediate notifications in the event of a ransomware attack.
- Immediate Recovery—get your files back in minutes with instant-access data restores, from anywhere to any device, including cloud applications.
Although the total impact of WannaCry may not be known for some time, it should serve as an immediate wake-up call for the need to be vigilant when it comes to vulnerability management. This ransomware attack should also put organizations on notice that a scalable data protection solution is the first—and in some cases, the only—line of defense.