Don’t WannaCry? Secure Customer Data Against Ransomware

May 16, 2017  By Frederick Drennan

Disaster has struck.  Despite your best efforts, a capable strain of ransomware has struck your network, infecting unknown numbers of machines and extorting users for money in exchange for their data.  With the advent of WannaCry/Wana Decrypt0r, this issue has occurred on an unprecedented scale - impacting tens of thousands worldwide- underlining that there is a continued threat of ransomware to any and all endpoints.  Considering the impact it has had on countless people and organisations globally, now seems like an excellent time to plan for how to prevent and respond to such threats.

The impact of the recent attacks has been devastating.  As of May 14, estimates put the number of countries affected by the WannaCry strain of ransomware at more than 100, with organisations ranging from the Russia’s Interior Ministry to the UK National Health Service being seriously effected.  In the case of the NHS, the unprecedented downtime resulted in many healthcare professionals simply not being able to work, with many Emergency Departments and GP clinics experiencing significant delays, resorting to pen and paper or even closing.[1]  This highlights the potential and terrifying human impact of ransomware and cybercrime in general – clearly  ransomware is extremely serious and needs a comprehensive strategy to handle it.

Effective security strategies rely on two core concepts – a focus on preventing the threat and then robustly responding and defeating the threat when it occurs.  The key term here is ‘when,’ as prevention will never be 100% fool-proof – new strains of ransomware will always be developed to exploit newly-discovered bugs. There is always a need for both preventative and reactive methods.

Prevention strategies depend on processes to reduce the number of attack vectors an organisation is vulnerable to.  In terms of ransomware, this is principally done on the software level – automated patch management and software updates using next-gen RMM greatly reduce the risk of exploitation by a new threat.  In combination with other measures such as user training, anti-virus and good network settings, most threats can be prevented.  Unfortunately, prevention can and will never be 100% effective – therefore planning must always include preparing to respond to an attack.

Responding to a ransomware attack depends on controlling the situation as much as possible, enabling you to plan and then implement a resolution so that the impact to workers’ productivity is minimal.  With a single PC, this might mean isolating the device from the network to prevent the infection spreading, followed by wiping the machine, re-imaging and then restoring that person’s files and folders.  For a large disparate organisation, this might involve taking large numbers of machines offline to immediately reduce the risk of the virus spreading, identifying and resolving problem endpoints as above and performing an audit and taking action to ensure every endpoint is patched and protected.

The above methods work. With WannaCry, this is a vital reminder that there is an absolute need to continue to backup as many endpoints as possible, especially those of decision-makers and mobile workers who simply cannot rely on legacy or manual processes to protect their data when disaster strikes.  Thankfully, technology has caught up with the need.  Autotask Endpoint Backup and Workplace™ (FSS) solutions allow service providers to protect clients’ data and to help clients quickly recover from a ransomware attack or other data loss scenario. Combining these solutions with Autotask Endpoint Management takes it one step further and automates the delivery of the latest operating system patches on all devices you are currently managing.  Plan to prevent and respond and help your clients avoid data disaster.


Frederick Drennan
Product Manager

As a Product Manager, Frederick researches and validates market problems, liaising closely between partners worldwide along with engineering and other internal stakeholders to develop new features and updates to Autotask Workplace (AWP) and Endpoint Backup (AEB). Previously, Freddie worked in partner development for Autotask, developing AWP and AEB partners across the UK & EMEA region.

Follow @Autotask Tweets