You may have heard about the recent WannaCry cyberattack that infected hundreds of thousands of computers worldwide. The ransomware holds a computer hostage until the user pays some amount of money (ransom) to the hacker or until a patch is made and installed. Why did it spread so quickly and how can you prepare for the next one, especially if you are a DBA? It’s not a matter of if, it’s a matter of when.
When this particular ransomware emerged on May 12th, 2017, it used an exploit on Windows systems that had been addressed by a critical patch two months earlier, in March 2017. End users who had kept up to date with the latest critical security patches as they became available would have avoided being infected.
Unfortunately, many businesses were not adequately prepared for an attack like this because they did not maintain updates and did not have the right security processes in place. It’s critical that companies are proactive in the measures they take to mitigate the risks involved with today’s cyber threats, or they will become vulnerable. Lack of preparedness is one of the biggest reasons this cyber attack was so effective.
The biggest threat, naturally, is data loss. That alone is a scary thought. We live in a data-driven world. While data loss can be a disaster to your business, other threats may occur when malware is present on any network. It can cause performance issues on every system or device attached to the infected network, including but not limited to system lockups, slow data transfers, or permanently corrupted system files leaving systems inaccessible.
Implementing a process to prevent these types of attacks is ideal for managing your business and minimizing risks. While being prepared may add costs to your bottom line, it will be much less expensive than dealing with the aftermath of a major cyber attack on your network. Emergency changes are not only more costly, they also put you at risk: in crunch time you won’t be able to do full testing, which raises the chance of something going wrong.
As SQL Server, Oracle, Sybase and MongoDB database professionals, we have come up with a list of things you need to be doing with your databases to prepare for attacks like this in the future.
First things first, if there is a suspected malware threat found on your network, especially in the case of ransomware, you should immediately disconnect all network connections (wired and wireless) to prevent spreading the malware to other devices attached to the same network segments. I would also recommend disconnecting any attached USB devices.
When it comes to actually paying a ransom, it is advisable to avoid paying, as there is no guarantee that your data will be recovered. However, if you have no other alternative for recovering your valuable data, this is a risk you may be willing to take. There have been confirmed reports in the industry where data was recovered after a ransom had been paid. But if you have the ability to completely remove the malware threat and recover the data that was compromised, that is the safer route.
Finally, do not panic, as there may be a solution or patch already out there to help you clean up and prevent the same attack from occurring again. Sometimes there are even solutions available to recover your files safely without restoring from backup. If your company is concerned that your data is at risk, contact Dobler Consulting and ask about our Remote Database Services.