On May 12th 2017, ransomware known as WannaCry, or Wcry, started spreading like wildfire, beginning with the NHS system in the UK. It spread to dozens of hospitals, and from there to 6 continents, affecting more than 100,000 machines! It caused chaos at hospitals, schools and universities, manufacturing shutdowns, and overtime for cybersecurity professionals. Reports have confirmed malicious activity in Europe, where the attacks began, as well as in the US, China, South Korea, Indonesia, Vietnam and Japan.
Servers that weren’t updated after March 14 with the MS17-010 patch were affected; this patch resolved a vulnerability called EternalBlue. It was a secret closely guarded by the NSA but was leaked last month by a hacker group last summer. The most important part is that the ransomware did not spread because people clicked on bad links: it exploits the vulnerability in the Windows OS, and the only way to prevent it was to have the update.
What is WannaCry Ransomware?
WannaCry, like many other ransomware strains, encrypts data files and asks the user to pay a ransom of $300 in bitcoins. The amount doubles if the payment is delayed by 3 days, and the files are lost forever if the payment is not made within 7 days.
An interesting twist is that the hackers built a kill switch but forgot to register the domain. A 22-year-old cyber-security analyst accidentally shut the attack down, or rather slowed its spread, when he registered the domain. This has only slowed the attack, however, and it is strongly advised to update the systems.
Things to do to keep your network protected:
Ransomware is dangerous, especially because of the direct monetary benefits attached to the process. This increases the likelihood of being held hostage. Many organizations have been victims, and it is therefore strongly advised to keep security up to date. Cyber security, cloud-based email protection and awareness can drastically reduce the probability of being affected. Even unknown network connections are very dangerous, and employees should avoid connecting to company servers on public networks or while travelling.
Preventive Measures to keep in mind:
- Update Security Patches
- Back Up Regularly
- Cloud Protection for email
- Spread Awareness internally
- Stay Vigilant about Content in Emails
Logix Infosecurity provides the latest security tools for keeping your organization's network secure online. We offer Cloud Email Advanced Threat Protection for today’s threat landscape, which is populated by increasingly sophisticated intrusions that take the form of advanced persistent threats, advanced targeted attacks, advanced malware, unknown malware and zero-day threats.