By now you’ve likely heard about the massive ransomware attack that plagued companies worldwide in May, called WannaCry (a.k.a. WannaCrypt, Wanna Decryptor or WCry).
WannaCry is a type of virus known as ransomware. WannaCry targeted Windows computers that were missing certain patches, or security updates. This virus got to those vulnerable computers through the Internet, or by users interacting with malicious emails. If successful, the malware encrypted files and asked for a ransom in cyber currency, Bitcoin, for the decryption key. It would also install a back door that must be removed after encryption.
Ransomware has been around for many years, but this particular virus is notable for a few reasons.
First, it was an unprecedented global ransomware attack. Following the first weekend the virus was detected, antivirus providers Avast and Kaspersky Lab reported that 75,000 computers in at least 74 countries had been infected. Later numbers are reporting closer to 200,000 computers in 112 countries.
It made the news when the UK’s National Health Service’s (NHS) operations were halted due to the number of machines that were infected. It also affected other large, well known corporations such as Spain’s Telefonica, and FedEx. In addition, thousands of small businesses and home computer users worldwide fell victim.
Second, systems running Windows Server 2003, Windows XP, and Windows 8 are not supported by Microsoft anymore, and new security updates haven’t been available for some time. However, Microsoft made an unusual move and released an emergency patch for these older operating systems due to the severity of this attack.
Before you rush to update your older computers and servers, be warned that the implications of applying this patch can be significant. There are risks associated with all patches, and the level of risk increases substantially with older systems. Sometimes the machines don’t turn back on after the patch. Sometimes applications or integrations don’t work the way they’re supposed to. And other times, everything is just fine.
In this case, there is a delicate balance between security and functionality. Executives will need to work with their IT department – whether that’s in house or outsourced – to develop an action plan with regard to these machines.
Third, WannaCry had a “kill-switch.” An enterprising security professional from the UK discovered a way to halt the spread only a few days after the initial release.
This has stopped the spread for now, but it isn’t over yet. Security experts warn that revisions of the ransomware are likely to come out soon and companies need to be prepared.
Ransomware has been tormenting companies for several years and shows no signs of slowing down. Here are a few tips for how companies can protect themselves from this virus, and threats like it.
If you have any questions regarding this threat, or cybersecurity in general, reach out to your IT professionals to discuss a security plan for your organization.
Related: IT Untangled: What Do Hackers Want With My Business Data?