7172 Graham Rd, Suite 115 | Indianapolis, IN 46250

Ransomware: Pay or Protect

On May 11th, 2017, the world was introduced to the WannaCry ransomware. The ransomware spread around the globe like wildfire, infecting hundreds of thousands of devices and catching many major organizations and businesses by surprise. The full extent of the ransomware’s damage is still being assessed, yet, one thing we do know: this whole fiasco was preventable.

Granted, there’s nothing that any of us could have done to prevent hackers from using a leaked NSA cyberspying tool to deliver their ransomware. Companies that took the time to apply the latest security patches issued by Microsoft back in March were generally spared having their files encrypted against their will. Meanwhile, companies and PC users alike that put off applying the updates were the ones that got slammed.

This incident highlights the importance of applying security patches in a timely manner, as well as poses the question, “Why were there so many organizations that put off applying such a critical patch?” Compared to the average PC user that simply has their system set to automatically install Windows updates as soon as they’re released, enterprises tend to take a different approach.

When it comes to business computing, it’s best practice to first test a new patch before applying it to the company network. A major reason for this is because one can’t be certain of how applying a patch will affect other software until testing first takes place. Worst-case scenario, a patch is applied to a company network that unexpectedly interferes with a mission-critical application. When this happens, productivity is hindered and operations may even grind to a halt.

Considering the potential fallout from this outcome, you can see why a lot of IT departments choose to delay applying newly issued patches. After all, should a patch that’s been applied end up disabling important systems, then going back and undoing the damage just makes the problem worse, and much more expensive.

Additionally, regular backup solutions provide an additional line of protection against ransomware. If clean images of the infected machines are readily available, businesses can completely wipe the infected hardware and restore to the last good version. And organizations don’t have to store multiple complete copies of every system — incremental backup systems save just the latest changes, making them very efficient.

All that said, organizations hit with the WannaCry ransomware had adequate time for their IT departments to test the security patches issued by Microsoft (in March), before the ransomware began infiltrating systems around the world (in May). Now, we understand that every business has different priorities, and those priorities are reflected by how IT resources get allocated. As an IT company ourselves, we get that and therefore don’t wish to criticize organizations that didn’t adequately prepare. Instead, we offer our condolences to any business hit with the WannaCry ransomware, and we’re ready to help resolve issues and plan for the next attack.

At the very least, we hope this ransomware attack serves as a wake-up call for organizations of all shapes and sizes when it comes to following through with routine IT maintenance, especially the likes of promptly applying security patches (a top priority, obviously) and properly managing your backups. If you don’t have time for this or find yourself routinely pushing IT responsibilities like testing/applying patches off to the side, we can help.