Unpatched Systems

Julio and Melissa make up the entirety of the  IT department for their company. They are the Jack and Jill of all trades, and they do a fantastic job making sure the company’s systems are up, end user issues are resolved, and new tools are made available when needed.

Julio is the front line for end user issues, managing  most of the end user workstations and application support. Melissa handles the network, servers, and cloud infrastructure making sure everything is operational.

One Tuesday morning, Julio is awoken to the sound of the IT support phone chirping in his ear. He grabs the phone, rubs his eyes, and groggily reads the message forwarded from his CFO displaying a screenshot of an active Ransomware attack on his desktop. Julio realizes today is going to be a bad day... 

He springs into action, calls Melissa to make sure she knows what is going on, and heads into the office. By the time he arrives, he has received at least twenty-five  more messages with the same ransomware message. Meanwhile, Melissa has logged in remotely, and upon investigation, she finds several servers and file shares were  also infected.

Over the course of the next 48-hours, Julio and Melissa do everything they can to try and rid the system of the Malware to no avail. Ultimately, the company has to pay the attackers $150,000 to get their systems back online. This incident cost the company two  days’ worth of lost revenue and $150,000 in extortion fees. The impact of the fallout from this attack will affect  their insurance rates, and the  hit to their corporate reputation and brand will be hard to recover from. 

Melissa and Julio’s systems fell prey to the 2017 WannaCry ransomware attack that was first discovered over four years ago! Aren’t there fixes and patches for older exploits like that? How did this happen? What needs to be done to make sure it can never happen again?

This is a classic example of an IT management problem. They were so busy supporting the day-to-day business operations, they did  not proactively patch large portions of the infrastructure. Julio and Melissa  subscribed to the outdated, “If it ain’t broke, don’t fix it,” support philosophy, leaving giant security holes in their systems that an opportunistic bad actor was just waiting to capitalize on.

By prioritizing routing systems and application patching, Melissa, Julio, and their management will be better prepared in the future. They will need to implement a systems inventory tool and track the versions those systems are on while  mapping them back to any known vulnerabilities. This process will allow them to prioritize their work and ensure they are safe from known attacks.

The problems Melissa and Julio faced are not unique to their company alone. Many IT departments are short-staffed and forced to handle immediate issues rather than focus on proactive system maintenance. CCI Systems and its Security Red Team partners can be a resource for IT teams, like Melissa and Julio,  and our security experts can come identify outdated systems and build a plan to migrate them onto the latest, most secure versions. By doing so, this allows our customer IT departments to focus on supporting their business without running the risk of a hacker exploiting an unpatched system.