My Take On WannaCry

Reading media coverage of the WannaCry ransomware attack has been excruciatingly frustrating because little to no information was offered on how infection happens and how to protect yourself.

As an IT professional and a user I found this frustrating and unhelpful; if I couldn’t find the right answers, there is something seriously wrong.  I couldn’t find the important information in any of the mainstream articles, so a novice or amateur user would certainly have no chance of protecting themselves.

How Did WannaCry Infect and Spread?

A longer version is available from Malwarebytes.

One of the key ways is still the oldest “phishing” trick in the book: e-mail, where many users are tricked into opening infected attachments.  This was not readily mentioned in media coverage, and this simple warning or announcement could have prevented a lot of new infections.  I believe this is a key factor that has not been discussed: many networks are behind NAT with external SMB services blocked, so having a user on the LAN install the worm is an easy way to get inside and spread the infection to areas that are hardened on the outside.

The more technical explanation is that there is an exploit called “ETERNALBLUE”, a hacking tool leaked from the NSA, which exploits a weakness in Microsoft’s implementation of SMB (Server Message Block, the file-sharing protocol).   This has been widely reported, but the simple way to prevent automatic infection through this method has not.

Once a machine is infected, the worm essentially scans your LAN and then the internet to spread the infection further, which quickly multiplied the damage and scope of this attack.

How to protect yourself?

  1. First and foremost, update Microsoft Windows regardless of version (whether you have XP, Vista, 7, 10, 12 or any Server edition), because all Microsoft versions are apparently affected by MS17-010 (ETERNALBLUE/WannaCry).
  2. Disable SMB/file sharing in Windows, and if that is not possible, at least use firewall settings to block SMB/file sharing/CIFS.
  3. If the above is not possible, physically unplug any affected machines from the network (it could be as simple as disabling all ports on your network switch, or even unplugging entire switches if possible).
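The three steps above as an audit-and-harden script, added here as an example and not part of the original post. It assumes Windows 8.1/Server 2012 R2 or newer (the SmbShare and NetSecurity modules), runs as Administrator, and leaves the MS17-010 KB list as a placeholder to be filled in from Microsoft’s bulletin for your exact OS build, since the KB number differs per version.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): audit, and with -Enforce apply,
# the WannaCry mitigations described above on a Windows host.
param(
    # Placeholder: replace with the MS17-010 KB id(s) for this OS build.
    [string[]]$Ms17010Kbs = @('KB-PLACEHOLDER-FROM-MS17-010'),
    [switch]$Enforce      # audit only unless -Enforce is given
)

# Step 1: patch state. MS17-010 ships as a different KB per OS, so check every candidate.
$installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
$patched   = @($Ms17010Kbs | Where-Object { $installed -contains $_ }).Count -gt 0
Write-Host ("MS17-010 patch present: {0}" -f $patched)

# Step 2: SMBv1 server-side state (ETERNALBLUE targets the SMBv1 code path).
$smb = Get-SmbServerConfiguration
Write-Host ("SMB1 enabled: {0}" -f $smb.EnableSMB1Protocol)
if ($smb.EnableSMB1Protocol -and $Enforce) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Write-Host "SMB1 disabled"
}

# Step 2 fallback: block inbound SMB/CIFS (TCP 445 and NetBIOS session 139) so an
# unpatched host is at least not reachable from other machines on the LAN.
$ruleName = 'Block inbound SMB (WannaCry mitigation)'
$rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
Write-Host ("Inbound SMB block rule present: {0}" -f [bool]$rule)
if (-not $rule -and $Enforce) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort 139,445 -Action Block -Profile Any | Out-Null
    Write-Host "Inbound SMB block rule created"
}

# Optional: report whether the SMB1 feature is installed at all (removing it with
# Disable-WindowsOptionalFeature needs a reboot on client editions).
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
if ($feature) { Write-Host ("SMB1Protocol feature state: {0}" -f $feature.State) }
```

Run it once without -Enforce to see the host’s state, then with -Enforce to apply the SMBv1 and firewall changes; step 3 (unplugging the machine) remains a manual action if the patch check still reports False.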

Who is to blame?

There is plenty of blame to go around, but currently a lot of it is coming from Microsoft, which is blaming users for not patching and the NSA for hoarding these exploits and not notifying Microsoft or users beforehand.

In all fairness, Microsoft did issue patches even for unsupported OSes like Vista and XP on March 14th, 2017.

Many have mused that the NSA should have at least notified Microsoft the moment they realized their hacking tools were leaked.

At the end of the day the question is: how could Microsoft have left such a serious vulnerability open for so long?  Was it an intentional backdoor, and was there collaboration between Microsoft and the NSA or other third parties?

Some Can’t Patch

Some systems run on isolated internal networks on their own LAN and so were never patched, yet were still infected.  To make matters worse, the chances are that these are the critical data and infrastructure systems affected in this case.

Other machines are not managed properly or remotely and are deployed with internet access, making them sitting ducks for these types of attacks.

There are also some who just don’t patch because the risk of impacting existing services is too great.  I would argue the risk is much higher if you do not patch, and do not upgrade or migrate your applications to a more secure platform, and then get hit with ransomware like this.

These Issues Are Nothing New

Since the Snowden revelations, many have worried that US tech companies being forced to provide backdoor access to the NSA would be vulnerable should other hackers discover the vulnerabilities or intentional backdoors on their own, or, as in this case, when the tools and exploits are somehow leaked.

In the wider scope of things, Microsoft has seen worms of this scale in the past; it’s nothing new.  There are no worldwide protocols for notifying users or defending against such worms, and this will certainly become an increasing problem with more and more devices online, especially with IoT and the many connected devices we don’t think about, which don’t get patched or may not have an easy or automatic way of updating.

Why I Founded Techrich Corporation of Hong Kong, China

This is a question I’ve been asked a lot, since people ask whether there is any duplication or overlap with compevo.  Techrich is an extension of and complement to compevo and opens up new possibilities for our clients.

Being incorporated and based in Hong Kong gives us more leverage and advantages and fills any gap that compevo may not have been able to fill.  In terms of data storage, security and connectivity, Hong Kong cannot be beat.  It has the best of nearly all worlds.

Why Hong Kong?

This is the next, natural question that follows.  Hong Kong is economically, politically and technically stable in terms of both IT infrastructure and ecosystem, and most importantly its link to the outside world is fast and neutral.  Hong Kong is still the internet gateway to China, being directly connected to Mainland China.

Hong Kong also has a large Big Data industry and demand due to its reputation as a financial hub of the world, which is a perfect ecosystem and fit for Techrich’s goals.

Contrary to some common belief, Hong Kong is not in the Asian Ring of Fire and is relatively free of natural disasters, making it not only an ideal location on a world scale but perfect within Asia too.  Hong Kong does experience typhoons, but they are rarely devastating and have little to no impact on IT or datacenter operations in Hong Kong. In fact, Hong Kong’s power grid is known to be one of the most reliable and stable in the world.

In terms of internet routing Hong Kong is quite neutral with excellent connectivity to all of Asia, North America and Europe, but of particular importance is the capability of very low ping times into Mainland China that only Hong Kong can provide.

Teaching Code To Kids

I believe teaching coding to kids in any form is a benefit to them regardless of their career path.  It really exercises the brain to solve problems in your mind and requires a lot of creativity.  If they can learn coding at a young age, it is likely they will continue to learn well in other areas for the rest of their lives.

I don’t know if there is a magic number for when to start, but if a child is able to use a computer to play games, they are probably capable of being introduced to it.  I think it’s important to make it as fun as possible and without too much pressure, which is obviously difficult at a younger age.  Part of getting them there is not just the coding: if they start more advanced academics at a young age, they are more likely to have the discipline to think things through.

A quick Google search makes it look like there is growing interest in coding for kids, and there are now platforms and services intended to help.

Another great thing about kids learning to code is that children in impoverished areas of the world who have access to a computer can be on a level playing field.  In IT you can work from almost anywhere in the world, and your talent can be recognized.

About Areeb Soo Yasir and compevo communications

Areeb Soo Yasir is the CEO of compevo communications and founded the company in 2001.  compevo communications, originally named “computer evolution” by Areeb Yasir, started out by offering outstanding technical support services locally in the Vancouver, BC area of Canada while he attended BCIT.  Areeb Yasir quickly expanded compevo’s reach and offerings to nearly all things IT, with a focus on business IT solutions, web hosting (initially web hosting, then VPS, then Dedicated Servers), IT security and IT consulting.

15 years later, compevo communications has survived the dot bomb era and the financial crisis of 2008 and has been growing constantly thanks to our highly targeted and unique in-house services.  compevo has multiple facilities worldwide with a strong focus on North America and Asia.

compevo communications offers superior IT solutions and has excelled in bundling in-house support, consulting, and VPS and Dedicated Server hosting solutions.