By now you’ve likely heard about WannaCry (a.k.a. WannaCrypt, Wanna Decryptor or WCry), the massive ransomware attack that plagued companies worldwide in May.
WannaCry is a type of virus known as ransomware. WannaCry targeted Windows computers that were missing certain patches, or security updates. This virus got to those vulnerable computers through the Internet, or by users interacting with malicious emails. If successful, the malware encrypted files and demanded a ransom in the cryptocurrency Bitcoin in exchange for the decryption key. It also installed a back door that must be removed after encryption.
What Makes This Windows Virus So Special?
Ransomware has been around for many years, but this particular virus is notable for a few reasons.
1. Unprecedented Global Ransomware Attack
First, it was an unprecedented global ransomware attack. Following the first weekend the virus was detected, antivirus providers Avast and Kaspersky Lab reported that 75,000 computers in at least 74 countries had been infected. Later reports put the number closer to 200,000 computers in 112 countries.
It made the news when operations at the UK’s National Health Service (NHS) were halted due to the number of machines that were infected. It also affected other large, well-known corporations such as Spain’s Telefonica and FedEx. In addition, thousands of small businesses and home computer users worldwide fell victim.
2. Microsoft Released a Patch for Unsupported Operating Systems (Windows Server 2003, Windows XP, and Windows 8)
Second, systems running Windows Server 2003, Windows XP, and Windows 8 are not supported by Microsoft anymore, and new security updates haven’t been available for some time. However, Microsoft made an unusual move and released an emergency patch for these older operating systems due to the severity of this attack.
Before you rush to update your older computers and servers, be warned that the implications of applying this patch can be significant. There are risks associated with all patches, and the level of risk increases substantially with older systems. Sometimes the machines don’t turn back on after the patch. Sometimes applications or integrations don’t work the way they’re supposed to. And other times, everything is just fine.
In this case, there is a delicate balance between security and functionality. Executives will need to work with their IT department – whether that’s in-house or outsourced – to develop an action plan with regard to these machines.
3. WannaCry Had A "Kill-Switch"
Third, WannaCry had a “kill-switch.” An enterprising security professional from the UK discovered a way to halt the spread only a few days after the initial release.
This has stopped the spread for now, but it isn’t over yet. Security experts warn that revisions of the ransomware are likely to come out soon and companies need to be prepared.
How to Protect Your Company from Similar Security Threats
Ransomware has been tormenting companies for several years and shows no signs of slowing down. Here are a few tips for how companies can protect themselves from this virus, and threats like it.
- Ensure good network security processes, including testing and applying updates and patches to devices as soon as possible.
- Most IT professionals send updates to machines at night or on weekends so they don’t disrupt daily operations. If that’s the case at your company, be sure your employees know to leave their machines turned on – and either logged off or locked – when they leave for the night. This will ensure that security updates are successfully installed.
- Computers and servers may need to be rebooted for patches to successfully apply. Check with your IT professionals to make sure this is part of your scheduled maintenance cycle.
- Users must stay skeptical of all emails containing links and attachments – even if they’re from someone in your contacts list. One user accidentally clicking on the wrong thing may impact your entire organization’s ability to work.
- If you have any unsupported Windows machines, put together a plan to replace them as soon as possible due to the high security risk. Many victims of this latest attack were on machines running Windows XP because Microsoft stopped releasing regular security updates for that operating system in April 2014.
If you have any questions regarding this threat, or cybersecurity in general, reach out to your IT professionals to discuss a security plan for your organization.