Many of you have seen recent news reports of the WannaCry ransomware attack affecting organizations worldwide, including the United Kingdom’s National Health Service, U.S. logistics company FedEx, Russia’s interior ministry and many others.
It appears that cyber criminals, using tools developed by the NSA that were later compromised, tricked their targets into opening attachments infected with the WannaCry malware. As a result of the NSA compromise, Microsoft released a patch in March 2017 to address the underlying vulnerability, though many companies have not installed the patch.
Affected companies have discovered that their files have been locked and face a demand of $300, through Bitcoin payment, to gain access to their data. According to the screen message, if payment is not made within three days, the price is doubled. If no payment is received in seven days, the files will be deleted. As of Monday morning, according to Elliptic Labs, a company that tracks Bitcoin payments, about $50,000 in payments had been made relating to this attack.
Ransomware is not new. Last year, the Department of Homeland Security estimated there were approximately 4,000 ransomware attacks each day in 2016, representing a 300 percent increase from the previous year. Additionally, last year, then-OCR Director Jocelyn Samuels wrote, “one of our biggest current threats to health information privacy is the serious compromise of the integrity and availability of data caused by malicious cyberattacks on electronic information systems, such as through ransomware.”
While the WannaCry attack appears to have stabilized, it is anticipated that copycat attacks are already underway. As a result, organizations should be prepared to determine whether they have been affected by an attack and to understand how they can help prevent one from occurring in the future.
It is important to stay vigilant by keeping software updated and training employees to watch for emails or downloads that seem suspicious, as well as backing up files. Beyond those basic steps, however, many organizations may want to consider seeking the assistance of an experienced cybersecurity attorney in developing a proactive plan.