Ransomware: WannaCry – What to do after the attack.

On Friday, May 12 2017, the largest cyber security incident in history impacted over 150 countries. It successfully compromised hundreds of thousands of computers and corporate networks. This ransomware attack started in Asia and spread across Europe, where it proceeded to infect computers in the US and South America. Experts project the attack could have had a life-changing impact globally, had it not received such immediate media attention.

The ransomware, called WannaCry(pt), locks down files on an infected computer. It then asks the computer’s administrator to pay the ransom within 6 hours to regain control of company files and databases. WannaCry(pt) has attacked hundreds of thousands of computers. Some of the industries and organizations impacted were hospitals in the UK, Fedex shipping in the US, a telecom company in Spain, and even universities and large companies in Asia. The malware, released by a group called the Shadow Brokers, was reportedly stolen from the NSA. Since then has affected users around the world.

How does is it spread?

The ransomware is spread via phishing and by exploiting a Windows vulnerability.

What makes this malware unique and dangerous?

Whenever it loads itself onto a computer, the ransomware automatically scans for other computers it can infect on the same network. As Kurt Baumgartner from Kaspersky Lab describes, “It has a ‘hunter’ module, which seeks out PC’s on internal networks. So, for example, if your laptop is infected and you went to a coffee shop, it would spread to PC’s at the coffee shop. From there, to other companies.”

What you can to do to help protect the network?

• Always logoff after you leave the office.
• Do not turn your computer off. Security updates can only be pushed to computers that are on. Additionally, mobile devices are no exception, laptops must remain on and have access to the internet in order for updates to be received and installed.
• Security updates may require rebooting of your computer/server – so save your work and close your programs when you leave for the day.
• Be very suspicious of all emails that contain links or attachments. Follow these steps on identifying a phishing email.

 

Cyber threats are now a fact of life. Make sure you minimize the threat to your organization, and to minimize the impact when (not “if”) an incident occurs.