Ransomware Attack: WannaCry Update

 2017-05-25 09:36 AM by

The WannaCry ransomware attack on Friday 12 May 2017 was a shock to businesses around the world and a wake-up call to all computer users. In the space of a few hours the ransomware spread like wildfire, and by Monday morning more than 200 000 computers in 150 countries had been infected.

Backup companies were then faced with a flurry of calls from small to medium-sized businesses that had not yet employed backup services, and external hard drives have been selling well since.

Amongst the businesses hardest hit were the US multinational delivery company FedEx, French car manufacturer Renault, Spanish telecommunications firm Telefonica, Chinese energy giant PetroChina, the United Kingdom’s National Health System and Russia’s interior ministry.

Large businesses took the biggest brunt because ransomware can spread most easily through their networks, but many small to medium-sized businesses were also struck by the malicious software.

WannaCry followed the route of most ransomware attacks, executing in five straightforward steps:

  • Enter: ransomware enters a computer through malicious websites, email attachments or through a vulnerability in Windows software.
  • Exploit: it exploits additional vulnerabilities in the system to gain more control over file locations and user accounts.
  • Execute: it executes and installs itself on the compromised computer and then synchronises with the control server of the attacker.
  • Encrypt: it encrypts or locks data and files on the computer.
  • Extort: a ransom demand is made in exchange for a decryption key that unlocks the computer.

WannaCry didn’t spread via email, but via a vulnerability in the Microsoft Windows operating system that had been discovered by the US National Security Agency and then patched by Microsoft in May this year.

Many users had not yet updated their systems with the patch that Microsoft issued, and that’s why the virus was able to spread so easily. Businesses and home users alike now understand the urgency and importance of keeping their operating software up to date and installing patches as they become available.

WannaCry victims have been faced with three choices: pay the ransom, accept their loss of data and start again, or wait for experts to write software that reverses the encryption.

Experts advise victims not to pay the ransom because their files will probably not be decrypted when they do. Stats collected from the WannaCry attack show that one in five small and medium-sized businesses who paid the ransom never got their data back, which is why good backups are critical to business continuity.

If you’ve backed up your documents externally or in the cloud, you can afford to erase your hard drive and reap the benefits of this security measure. But for many victims it’s reasonable to assume the files are lost forever, and they will now need to put in place security measures such as backup, anti-ransomware protection and disaster recovery.

Prevention is the only way to avoid being infected by malware attacks and further strikes from the WannaCry ransomware. It’s as important to back up your files as it is to install anti-virus and security software, and businesses are advised to spend time simulating how to deal with a ransomware attack.

As Tai Chesselet of IronTree Internet Services says, “The easiest attack to deal with is certainly the one you’ve been able to avoid altogether, but the second easiest is the one you’ve already prepared for by going through it.”

To prevent a ransomware attack, you’re urged to do the following four things immediately:

1) back up your files externally

2) make sure your Windows software is up to date

3) install all available Windows patches

4) buy security software and keep it updated

For advice on security measures you can take, contact a backup and security services provider such as IronTree.

We will continue to post updates as this event develops. At the time of writing certain precautions had been implemented.