Ransomware: Targeting the Fault-lines in Patch Management Practices

Ransomware is currently one of the biggest challenges in cyber security. It encrypts your critical assets, locks you out of them and demands payment to restore access. Some organizations believe they don’t have an option and eat the cost, although there’s no guarantee that access will actually be reinstated. The risk of ransomware is simply too big for businesses to ignore, particularly as strains continue to advance. IT departments and tech vendors constantly work to create patches that will defend against ransomware as it evolves and reinstate security following a breach. Ransomware has significantly affected the patching process as well as how companies must think about their security posture.

Attacks Covering More Ground Than Ever

Hackers aren’t just looking to target big organizations anymore – they are also aiming for small businesses that likely won’t have the necessary security measures in place to protect themselves. According to Datto, IT service providers believe that ransomware attacks will increase in the next two years, and that it will be a big problem for SMBs. In 2016, 90 percent of IT service providers reported recent ransomware attacks on small businesses. Within the first six months of 2016, 60 percent of providers reported up to five attacks. Nearly one-third even identified multiple attacks in a single day.

Ransomware is covering more ground than ever to infect more devices.

While phishing emails and lack of employee cyber security training are big drivers of ransomware infection, some strains are using more sophisticated, legitimate-looking means to gain access. For example, an update server for an accounting software package was recently hacked to install updates that included a worm known as NotPetya or ExPetr. This method is not only effective, it’s also efficient for spreading malicious code, as users have gotten into the habit of updating when patches are available. Providers must not only create patches for customer vulnerabilities, but also address the organization’s own potential threat surface.

Why Aren’t People Patching?

Patching systems and applications to reinstate security has become vitally important to preventing data loss, unforeseen downtime and other damage. However, even as WannaCry hit 200,000 victims, many were still vulnerable when NotPetya hit businesses a month later. Avast’s Wi-Fi inspector found that 38 million PCs were still unpatched, noting that the number is probably much higher in reality, SCMagazine UK reported. While patching should be routine, some organizations aren’t taking these threats seriously, leaving them vulnerable to the next strain.

During the WannaCry breach, a kill-switch finally put an end to the ransomware’s terror, meaning that many organizations didn’t complete patching their Windows platform. The truth is that patching can be difficult for some organizations because they might need to test patches first, may be using an outdated version of the operating system or may have a policy of not applying patches to avoid destabilization. By simply eliminating shared accounts, removing direct access to privileged accounts and patching, organizations could have avoided much of the damage from a second wave of ransomware.

“Whitelist programs that are reputable, secure and valuable.”

Use Patching Best Practices

To avoid running into problems with ransomware, organizations should observe application control and patch management best practices. With the number of endpoints increasing in the workplace, IT admins must look at whitelisting programs that are reputable, secure and valuable. IT departments must be able to control what applications are being used as well as what information they have access to. With these controls in place, organizations can rest easy that their assets are protected.

In order to manage patches effectively, it’s critical to perform asset discovery so that you know what’s active on your network and where your IT resources are. Getting your house in order will provide real-time visibility into the items you support as well as their health, TechRepublic reported. Start with a baseline that you want the entire business to comply with and bring controls in line to ensure everything is up to spec.

It’s also extremely important to ensure that your operating system is still being supported. Windows XP, for example, no longer receives updates from Microsoft, yet some organizations still use it. Microsoft even released a rare patch for XP during the WannaCry breach to help protect these antiquated platforms. Updating your OS will reduce patch management limitations and make it easier to reinstate protection measures, TechRepublic stated. Keep patching as simple as possible so that everyone can update quickly and easily.
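The asset-discovery, baseline and supported-OS checks described in the two paragraphs above can be expressed as a small audit. This is an added example, not code from the article or from any vendor it mentions; the host names, the patch IDs (placeholders, not real update numbers) and the audit date are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Vendor end-of-support dates for the OS families used in the sample data.
OS_END_OF_SUPPORT = {
    "windows-xp": date(2014, 4, 8),
    "windows-7": date(2020, 1, 14),
    "windows-10": date(2025, 10, 14),
}
# Constructed baseline: patch IDs are placeholders, not real update numbers.
BASELINE = {
    "windows-xp": {"PATCH-EMERGENCY"},
    "windows-7": {"PATCH-A", "PATCH-B"},
    "windows-10": {"PATCH-A", "PATCH-B", "PATCH-C"},
}

@dataclass(frozen=True)
class Asset:
    host: str
    os: str
    installed: frozenset

def audit(inventory, seen_on_network, as_of):
    """Return {host: [findings]} for every host that is out of spec."""
    managed = {a.host for a in inventory}
    # Discovery gap: active on the network but absent from the inventory.
    findings = {h: ["unmanaged: not in inventory"]
                for h in set(seen_on_network) - managed}
    for asset in inventory:
        issues = []
        eos = OS_END_OF_SUPPORT.get(asset.os)
        if eos is None:
            issues.append("unknown OS: no support date on record")
        elif eos < as_of:
            issues.append(f"unsupported OS since {eos.isoformat()}")
        missing = sorted(BASELINE.get(asset.os, set()) - asset.installed)
        if missing:
            issues.append("missing patches: " + ", ".join(missing))
        if issues:
            findings[asset.host] = issues
    return findings

# Constructed sample inventory and network-discovery result.
INVENTORY = [
    Asset("fin-ws-01", "windows-10", frozenset({"PATCH-A", "PATCH-B", "PATCH-C"})),
    Asset("fin-ws-02", "windows-7", frozenset({"PATCH-A"})),
    Asset("lab-pc-09", "windows-xp", frozenset()),
]
SEEN_ON_NETWORK = ["fin-ws-01", "fin-ws-02", "lab-pc-09", "kiosk-17"]
```

Calling `audit(INVENTORY, SEEN_ON_NETWORK, date(2017, 7, 1))` reports the host missing a baseline patch, the XP machine that is both out of support and unpatched, and the device that discovery found but nobody manages.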

A number of people might avoid patching because the time it takes to complete cuts into their regular work duties. Some patch management solutions will have options to automate updates as well as audit and monitor assets. In this way, operations won’t be interrupted, and all software solutions can stay up to date and run smoothly without any user input. For more information about how to avoid ransomware and keep popular products updated across your enterprise, contact Faronics today.

Matt Williams

A self-proclaimed ‘tech geek’, Matt has worked in technology for a decade and divides his time between blogging and working in IT. A huge New York Giants fan, when not watching football Matt gets his game on playing Call of Duty with his friends and other tech bloggers.