WannaCry: It's Not Over
What initially looked like an attack against England’s National Health Service (NHS), forcing hospitals to turn away patients on May 12, 2017, has turned out to be the largest coordinated cyber attack ever seen. Cybersecurity professionals around the world are discovering that the WannaCry ransomware indiscriminately targets all industries everywhere. After only three days, the estimated number of victims is over 250 000, spread over 150 countries.
So what is ransomware?
Ransomware is a piece of malicious software, usually distributed via unsolicited email that either carries an infected attachment, or that leads you to a web page containing malicious content. It installs on your computer using vulnerabilities in your operating system. Once installed, it looks for and encrypts all your files, including all the files that would be stored on a company network share and any other storage media it can access.
Once files are encrypted, the ransomware pops up on the screen and asks for a ransom, payable in an untraceable currency (usually bitcoins). If the ransom is not paid within the allotted time, the ransomware will simply "throw away the key" that allows you to get your data back. Paying the requested ransom (anywhere between a few hundred to a few thousand dollars) theoretically leads to the ransomware decrypting your data, but there is no guarantee.
How is WannaCry different from other pieces of ransomware?
Whereas ransomware traditionally leverages email to propagate to unique users, WannaCry also takes advantage of a Windows flaw to replicate across the network to other vulnerable machines, thereby leading to entire organizations being crippled in an amazingly short timeframe. That Windows flaw was part of the NSA hacking toolbox when it was released by the Shadow Brokers hacking group a few weeks ago.
How can I protect myself?
Many cybersecurity professionals will advocate defense-in-depth, including firewalls, antivirus, patching and backups. In the specific case of ransomware, it usually leverages two critical vectors: unpatched systems and humans. In order to protect yourself from WannaCry, or any other form of ransomware, you need to ensure your computer system is always patched and up to date, and that you and your colleagues don’t click on any suspicious links or open unexpected attachments.
While security teams worldwide are working around the clock to limit the effects of this massive outbreak, new variants are coming out. WannaCry is just an example of how creative criminals can be. You can be sure 2017 will be an eye-opener for many.
Even Microsoft has exceptionally released emergency security patches for end-of-life Windows XP, Vista, Windows, as well Windows Server 2003 and 2008 to help alleviate this crisis.
You will obviously want to ensure you have valid and working backups (on external storage that is not permanently connected to your PC), but you will, most importantly - as it sometimes takes only a single click - want to make sure you think before you click.
What if I…?
If you think you clicked on something you shouldn’t have, quickly follow your corporate procedures to get in touch with your IT or Security team.