Ransomware is old news, as we had previously written here. Its latest iteration, the currently circulating WannaCry ransomware, is no laughing matter. The WannaCry vulnerability was reportedly first uncovered by the National Security Agency (NSA) but kept under wraps as a potential tool for possible surveillance. It was subsequently found by hackers who released a cache of stolen NSA documents on the internet, including details about WannaCry.
WannaCry has reportedly brought computer systems all over the world to their knees, locking users out of their computers, cutting access to their data, and demanding a ransom payment. As of earlier this week, it was reported that more than 200,000 computers in 150 countries have been affected, including hospitals, banks, telecommunications companies, schools, warehouses, and businesses in general.
What You Need to Know
WannaCry is considered more dangerous than other common ransomware types because of its ability to spread itself across an organization’s network by exploiting a critical vulnerability in Windows computers. WannaCry, like most ransomware, works by first infecting a computer, then encrypting the data, and then putting up a screen demanding that the user pay money to regain access to the data on the computer. The ransom price usually increases over time until the deadline, when the files are usually destroyed.
So far, security researchers have reported the following information about the WannaCry vulnerability:
- Who should worry? Windows-powered PCs that have not been patched, i.e., are not running updated software that protects against this vulnerability, are potentially susceptible. Because of WannaCry’s ability to spread across networks, organizations are particularly at risk.
- How does it spread? It spreads across an organization’s networks by exploiting a vulnerability through a standard file-sharing technology used by PCs called Microsoft Windows Server Message Block, or “SMB.”
- Why is it problematic for organizations? It has the ability to spread itself within networks without user interaction.
Organizations should heed the following tips to prevent (or at least minimize the threat of) ransomware like WannaCry:
- Keep Your Software Up To Date. Fix software vulnerabilities in a timely manner – this practice will address some ransomware vulnerabilities and limit your liability should a breach or ransomware attack occur.
- Back Up Your Files and Consider Using Cloud Services. If you have backup copies, you can restore the files once a ransomware infection has been cleaned up. But ensure that backups are appropriately protected or stored off-line so that attackers are unable to access or delete them. Cloud services could help mitigate ransomware infection, particularly those that include a feature to retain previous versions of files, which would allow roll back to the previously unencrypted form.
- Educate Your Workforce. Because ransomware infection often results from a lack of knowledge about common cyberthreats and the methods cybercriminals use to lure their victims, cybersecurity training is more important than ever. Email is one of the main infection methods, so users should be taught to be suspicious of unexpected emails containing links and attachments.
- Implement (and Invest In) Strong Security Measures. Or at least implement security best practices. Use reliable security solutions and turn on advanced features that would catch unknown threats.
- Avoid Paying The Ransom. There is no guarantee that you will regain control of your device or files after paying the ransom. Moreover, you will be paying cybercriminals. Instead, work with your IT and Security teams to figure out if you can use backed-up data in the meantime.
- Report Ransomware Attacks To Law Enforcement. Cracking down on ransomware cybercriminals is one of the few things that works in this area.