It’s surprising to many that variants of the WannaCry ransomware are still being effective at damaging business operations to this day. On Friday 3rd August there was an outbreak at TSMC (The Taiwan Semiconductor Manufacturing Co) —the world's largest makers of semiconductors and processors -which manufactures chips for companies, including Apple, Nvidia and AMD. “This virus outbreak occurred due to mis-operation during the software installation process by a supplier, which caused a virus to spread to the company’s computer systems.” TSMC officials wrote in a statement published on Sunday 5th August. This surely demonstrates that it’s still a very real and active threat.
The company stated, it expected the disruption to lower third-quarter revenue by as much as 3 percent. With the chipmaker previously forecasting revenue in the quarter to be between $8.45 billion and $8.55 billion, the hit could be as high as $256 million.
Companies like TSMC use the NIST (National Institute of Standards and Technology) Cybersecurity Framework to “protect” against and “detect” the presence of such outbreaks, subsequently using the “respond and “recover” incident response plans to mitigate the compromise and recover business operations. A speedy and co-ordinated response will help to minimise damage and financial loss. By offering staff relevant training and rehearsing scenarios, your company is better equipped to deal more effectively with an outbreak.
Dealing with ransomware threats, requires a multi-faceted approach:
Technical & Policy
Back up your data and protect the backups.
Use strong anti-virus software.
Use a risk based layering approach for your most precious assets and control code execution.
Application whitelisting is also an effective control to use here.
Technical, Process & Policy
Keep updating your OS - Install the Microsoft patches to protect the OS from the vulnerability that WannaCry exploits. This should be part of a mature threat and vulnerability management capability which includes patching. There are companies (like Fortis) offering this as a service if you don’t want the overhead.
People & Policy
Don’t click on links in emails, WhatsApp etc or websites you don’t trust.
Avoid opening email attachments from people or sources you don’t trust.
Use an accredited learning and development package for your staff which changes their behaviour and is not just as a compliance tick-box exercise.
Technical for WannaCry
Disable SMB v1 to prevent the spread, Microsoft Server Message Block 1.0 – the now infamous Microsoft Security Bulletin MS17-010– Critical. Updating desktops are way simpler than servers so bear this in mind.
Technical & Policy
Filter web-traffic to help protect users from downloading the malware by mistake via web sites.
There are some great resources for organisations which will help them to identify and quantify risk, in financial terms, ensuring that “the business” can make an informed decision about priority and budgeting.
What is the likelihood of this happening to your organisation and what would be the financial impact in the event of a successful ransomware attack? If the quantifiable risk is higher than your company’s risk appetite, then the advice would be to prioritise the increase of preventative/protect measures internally or look to an external party to provide a solution for you. At Fortis this is what we are experts at.
Further information:
NCSC – Mitigating Malware
The NCA (National Crime Agency) recommends the No More Ransom project.
Many thanks to Matthew Waters and Charles Vaughan for their honest feedback whilst reviewing this piece.
The best of luck,
-Matt Leonards