The global WannaCry ransomware outbreak helped steer much-needed mainstream conversation toward the menacing situation many organizations face when it comes to confronting extortion-style attacks.
But for all the awareness that WannaCry helped bring, one weighty attribute of the incursion seemingly went overlooked by many in the security industry: database files were among the many types of files that the ransomware sought to encrypt and render inaccessible.
The fast-spreading cryptoworm targeted not just personal documents, images and videos residing on user workstations, but also mission-critical database file extensions, including .accdb, .dbf, .mdb, .myd, .odb, and .sql. That means that organizations with databases running on vulnerable Windows hosts placed themselves at risk of significant business impact. If a database server is compromised, it impacts every application and user that needs access to that database.
So why did this development never earn prominent placing in the WannaCry story? It's hard to say, but it could come down to the unfortunate truth that the security of databases - ransomware incidents aside - is often given short shrift compared to the network perimeter.
Which is why organizations may want to use WannaCry - and other ransomware families that target databases - as a reason to rethink the way they prioritize protection within their IT environment. If you proactively work to ensure the resiliency of your databases and their contents, you won't erase the need to secure your endpoints and applications, but you can rest easy knowing your crown jewels received at least commensurate attention.
To accomplish this feat in the context of ransomware, you must:
1) Maintain the latest patches on your database servers.
2) Back up your databases.
3) Run anti-virus and anti-malware.
4) Test for vulnerabilities and other weaknesses, like improper access.
5) implement technology that includes a secure email gateway and endpoint protection.
6) Offer security awareness education for employees. Even though WannaCry arrived through exposed SMB ports and didn't involve user interaction, most ransomware attacks start with a successful phish.
Ultimately, ransomware defense requires the same best practices, whether the attack is targeting your database files or some other part of your environment. But if you can use this growing threat as a way of generating increased focus on safeguarding your most prized possessions of all - your database contents - as well as working harder to combat ransomware attacks in general, then perhaps there is a silver lining, however slight, to all of this.
Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.