The recent ransomware worm known as WannaCrypt or WannaCry (Wcry) infected more than 200,000 systems across 150 countries. The worm targeted out-of-date computing systems, not unlike those found in an industrial control system (ICS). While WannaCry impacted banks, healthcare providers and other non-industrial entities this time, next time the enterprise ICS could be the target. And there will be a next time.
What WannaCry Did
The WannaCry ransomware attack encrypts all the files on the first computer it infects and then spreads laterally through the organization’s entire network. Once a system is infected, the victim is told that their files are locked but can be restored. The ransom is a payment of $300 in Bitcoin per affected system to get the decryption key.
How It Was Done
WannaCry took advantage of a previously discovered Windows SMB vulnerability: the one targeted by the ETERNALBLUE exploit and addressed by the MS17-010 patch. It hit users and enterprises that had delayed deploying that patch. The vulnerability, combined with a self-replicating payload, allowed the ransomware to spread from one vulnerable machine to another through a variety of techniques. It did this without requiring an operator or user to open an e-mail, click on a link or take any other action.
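Because the spread needs no user action, the network is where it becomes visible: one host suddenly opening SMB connections to many peers. The following is an added example, not part of the original post, that flags this fan-out in flow records; the record layout, the 60-second window, the threshold of 5 peers and all sample addresses are constructed assumptions.

```python
from collections import defaultdict, deque

SMB_PORT = 445          # TCP port used by SMB, the service patched by MS17-010
WINDOW_SECONDS = 60     # assumed sliding window
FANOUT_THRESHOLD = 5    # assumed: distinct SMB peers per window treated as abnormal

# Constructed sample flow records: (epoch_seconds, src_ip, dst_ip, dst_port)
SAMPLE_FLOWS = (
    # Slow, legitimate use: five file servers contacted over 400 seconds
    [(1000 + 100 * i, "10.0.5.20", f"10.0.9.{i + 1}", 445) for i in range(5)]
    # Worm-like sweep: eight distinct peers on TCP/445 within eight seconds
    + [(1010 + i, "10.0.5.44", f"10.0.5.{100 + i}", 445) for i in range(8)]
    # Many peers, but HTTPS rather than SMB
    + [(1020 + i, "10.0.5.31", f"10.0.7.{i + 1}", 443) for i in range(8)]
)


def find_smb_fanout(flows, window=WINDOW_SECONDS, threshold=FANOUT_THRESHOLD):
    """Return {src_ip: (first_alert_time, peer_count)} for every source that
    reaches `threshold` distinct hosts on TCP/445 within `window` seconds."""
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs still in window
    alerts = {}
    for ts, src, dst, port in sorted(flows):
        if port != SMB_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        # Drop connections that have aged out of the sliding window
        while q and ts - q[0][0] > window:
            q.popleft()
        peers = {d for _, d in q}
        if len(peers) >= threshold and src not in alerts:
            alerts[src] = (ts, len(peers))  # record only the first crossing
    return alerts


if __name__ == "__main__":
    for src, (ts, count) in find_smb_fanout(SAMPLE_FLOWS).items():
        print(f"{src}: {count} distinct SMB peers within {WINDOW_SECONDS}s at t={ts}")
```

In a control network, where each host normally talks to a small, fixed set of peers, the threshold can be set well below what an office network would tolerate.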
Just the Beginning
Most experts are surprised at the amateurish approach used by the creators of WannaCry, which earned them only $55,000 from what has been called the worst digital disaster in years. Even so, the threat of improved efforts by the same perpetrators and other bad actors should prompt all enterprises, especially those with an ICS linked to their network, to reinforce their internet-accessible systems with appropriate security measures. The second part of this blog will provide further insight and guidance on how to implement the trust elements into any organization’s network.