Information about WannaCry malware

News - June 8, 2017

As you might know, many Windows computer systems worldwide have been infected by the outbreak of WannaCry malware. In a number of cases this has led to serious disturbances of the business processes.

What we know now

By the end of week 19, computer systems that have a Windows operating system were infected with WannaCry malware worldwide.

Systems getting contaminated with malware is not new and, in most cases, it requires a human action first, for example by opening an attachment in an email.

WannaCry is unique (and therefore more dangerous) as it, once activated, enables itself to spread itself in networks without the need for physical action.

WannaCry is able to spread and multiply as a “worm” as soon as it finds a vulnerable entry in a network. That’s also the reason why the infection has manifested itself at such an enormous rate worldwide.

The vulnerability in Windows operating systems that WannaCry uses is already fixed in March this year by a security update by Microsoft.

WannaCry shows that there are apparently lots of computers worldwide that do not have recent security patches and updates. It also shows that anti-virus software was not present, was not up to date, or was unable to ward off the infection.

Without getting into too much technical detail, it became clear that the older Windows operating systems and the Windows operating systems that do not have security patches and updates are the most vulnerable.

New insights

Many of the integrated security systems connected to a network using a Windows operating system, are isolated and not connected to the Internet.

Video surveillance, Access Control, Burglary, Intercom, Firefighting, etc. are integrated into one’s own dedicated IP network environment.

The starting point is that these systems should not be connected to the Internet in any way, precisely to prevent malicious people from gaining access. Such physical separation of the Internet is also called an air gap. In itself a logical reasoning that has worked for a number of years.

With the rise of malware infections like WannaCry, however, the risk of off-line infection has increased extraordinarily for these isolated Windows systems. Because the insulated systems have not undergone security patches and updates, and often do not include active current security software, there is an increased risk of infection.

Adding a new device to the network, plugging in a USB stick for backing up, connecting a laptop to change settings are all of the factors that can cause a contamination. Especially because old but well-known vulnerabilities are not resolved.

Measures

Microsoft indicates that the risk of infection can be limited by keeping the used Windows operating systems up to date. According to Microsoft, the infection with WannaCry malware could not even happen to systems that do not have end of life status and when all security patches have been implemented.

Microsoft’s allegation is formally correct, only for companies with complex ICT infrastructures and / or isolated networks, it is often not easy to provide all systems with updates continuously and unscheduled. Think of the reboot sequences that are automatically executed after an update, as well as the fact that Windows XP has the end of life status since 2014, and since then no patches and updates have been available.

By way of exception, Microsoft has now released a one-time patch in Windows XP for the vulnerability that WannaCry uses, but the remaining security issues are not resolved and will not be debated in the future.

What it all comes down to, is limiting the risks in Windows operating systems by running an active update and patch policy in conjunction with current security software. Additionally, Windows operating systems that have reached the end of life status and no longer being actively provided with updates (XP) can no longer be used at an acceptable risk.

Advice

By all means, we strongly recommend that you remove and replace outdated Windows operating systems that have reached the end of life status (such as Windows XP) and are no longer supported by Microsoft.

For the Windows operating systems that are still supported by Microsoft, it requires that they should be updated to all released security updates and patches. This applies to both the Windows client software and the Windows server versions.

In the case of isolated networks (not connected to the Internet), it is important that no “strange” hardware and software is added to the network-connected equipment as long as it is not yet clear whether the correct updates and patches have been implemented. So do not connect USB sticks, external HDDs, Laptops, etc. as the previously mentioned “air gap” can be bridged.

If you are unexpectedly infected with WannaCry Malware or other malware, it is important to immediately turn off the device and disconnect all network connections to prevent it from spreading any further.

Perhaps you have been worried about your own situation through the items in the news about cyber-attacks. However, fear is a bad adviser and we can advise you in your specific situation.

We can provide insight into whether the vulnerabilities are present in your systems by means of a targeted preventive investigation. We report the outcomes of preventive research into a report containing the findings and recommendations.

We also want to discuss the possibilities to get an active update policy and secure your systems against current and future vulnerabilities.

We can imagine you have further questions in response to this letter.

You can contact your regular contact person.