In March 1947, a patient who had recently visited Mexico travelled by bus to New York City. He became ill, was hospitalised, and, after his death, found to have had smallpox. This was one of the first casualties of smallpox since the last big outbreak in 1875, which had killed 2,000 New Yorkers. Then, on April 4, Israel Weinstein, the New York City Health Commissioner, urged all New Yorkers who had not been vaccinated since childhood to receive another vaccination. Free vaccine clinics were established throughout the city, and doses were given to private physicians for administration.
During the first week, surprisingly little public attention was captured. The story hit page 1 on April 13, after a second person died from the disease. Mayor William O’Dwyer urged all 7.8 million New York residents to receive the vaccine as the city swiftly swung into full crisis mode. Police, fire, and health departments, and hospitals were mobilised to provide additional space for the effort. People lined up for hours to get vaccinated.
It was the largest mass vaccination effort ever conducted for smallpox in America, and it marked the last outbreak of the disease. Within three weeks of the discovery of the outbreak, the U.S Public Health Service, in conjunction with New York City health officials, had inoculated over 6,350,000 adults and children. Of that number, 5,000,000 were reportedly vaccinated in the first two weeks. The rapid response was credited with limiting the outbreak to 12 people, only two of whom died.
Fast forward 70 years, and the world is grappling with a cyber pandemic of ransomware attacks, the latest and largest of which is Wannacry, that has already infected more than 100,000 businesses across 150 countries. The big question is whether we will mobilise and swing into full crisis mode to neutralise the damage of ransomware moving forward.
But, the Wannacry pandemic is different in a number of important ways.
- No Panacea. In 1947, one inoculation, one vaccine did the trick. With WannaCry, organisations must adopt a multi-prong approach to data protection including user training (to recognise phishing attacks), regular system patching, updating AV/AS signatures and regular systematic backups.
- No Smallpox 2.0. In 1947, after the “Great Vaccination” citizens could go back to life-as-normal knowing they were protected from future smallpox infections. Days after the initial WannaCry attack, new variants of the ransomware were developed and infected another 40,000 machines. Don’t underestimate the power of greed. The opportunity to earn non-traceable, non-taxable income is a compelling motive to find new vulnerabilities and develop new exploits. Sadly, this is the new normal.
- No Mass Mobilisation. Once Israel Weinstein realised that they were dealing with smallpox, not chicken pox as was originally diagnosed, mass mobilisation made it possible to avert a major catastrophe. Unfortunately, this same type of mass mobilisation has been difficult with WannaCry because the diagnosis is less clear. While many organisations were quick to deploy the Windows patch and avert disaster, they’re still exposed to future attacks because they lack the ability to quickly recover operations when get infected.
As Israel Weinstein pointed out in 1947, “Never before had so many people in one city been vaccinated in such a short time and on such short notice.” Without the mass action, he declared, “there very likely would have been thousands of cases [of smallpox] and hundreds of deaths.”
With WannaCry, companies must go beyond simple patches and build in operational resiliency so they can withstand the next and inevitable wave of malware. Unfortunately, the news media has dispensed overly simplistic and incomplete guidance, mostly focused on preventive measures to avoid getting infected.
Virtually no attention has been paid to the technologies and processes that every organisation should have in place to mitigate downtime. In a recent survey of 170 security professionals attending the RSA conference (Imperva, April 2017), 32% said that their company had experienced a ransomware incident. What was more surprising was that 11% said it took longer than a week to regain access to their systems after the attack; another 20% said it took them 2-3 days to recover. Given the exceedingly high cost of downtime, these stats are galling.
Most organisations simply can’t withstand days of downtime. Unfortunately, there are limited options to reduce the amount of downtime resulting from a ransomware attack. You can either pay the ransom or invest in a disaster recovery as a service (DRaaS) solution. DRaaS is a cloud computing and backup service model that uses cloud resources to protect applications and data from disruption caused by disasters, server crashes, and ransomware attacks. With just a few clicks, system admins can spin up clean virtual machines (from either the local appliance or the cloud) and rapidly restore operations and avoid large-scale business disruptions.
These solutions enable any organisation to recover from a ransomware attack in minutes, not hours, days, or weeks.
It’s time to rally again, but this time we must vaccinate our businesses against ransomware with a strong dose of prevention (AV, patching, and backup) coupled with a proven insurance policy – namely DRaaS.
[su_box title=”About Dean Nicolls” style=”noise” box_color=”#336588″][short_info id=’102426′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.