WannaCry affected over 200,000 computers in 150 countries, but now what?
As an IT company, you can imagine the cyber attack that successfully encrypted information in 150 countries over the weekend was a hot topic in our Monday morning meeting. The impact was still unfolding as we discussed mechanics of the attack, the implications of the mechanics, and how our clients would be affected. There was a lot of technical jargon thrown around and speculation about the facts, but the underlying feeling was that this attack has changed the game for cyber security. But first, let’s make sure we get the facts straight.Image from BBC World News http://www.bbc.com/news/world-39919249If your computer was connected to the internet on Friday, May 12 and operating on a Windows system that wasn’t updated with the latest patches, you stood a chance of getting hit. Countries with high usage of pirated software and outdated versions of Windows were most severely affected for that very reason. In this article, BBC World News covers the totals from countries with the most affected computers, highlighting Russia as the primary target and China as the most affected with over 30,000 institutions and organizations infected. And as I’m sure you’ve heard, the most life-threatening attack was locking down UK hospitals. In total, more than 200,000 computers were affected in over 150 countries. The spread of this ransomware in a matter of days around the world is unprecedented, but there were some very puzzling things about how it was set up and how it started.
Why is WannCry Such a Puzzle?
Poor Coding
- While the ransomware was very effective in the time that it was active, its own design quickly led to its failure. A piece of code that was intended to keep it from being detected was the very thing that a 22 year old British security researcher used to unwittingly stop it in its tracks. You can read his far more technical explanation here. Overall, the design of the ransomware itself was surprisingly amateur.
Ineffective Ransoms
- The attackers did not set up hotlines to persuade victims to pay the ransom. And as far as researchers can tell, there were only three bitcoin wallets set up and no one has emptied the minimal sum of $50,000 from the wallets paid as of May 16, according to Business Insider. They were not prepared to handle bitcoin payments based upon such a wide distribution.
Unknown Origin
- Researchers understand that once one computer was infected in each network, the ransomware used a vulnerability in outdated Microsoft Windows that allows the ransomware “worm” to spread from one device to another very rapidly. However, what they are having a hard time finding is the source in each system. A few emails with the ransomware have been found, but it is clear that it did not take many to spread the worm worldwide with very little assistance from users. Without being able to tell how it started, it makes it much harder to stop similar future attacks.
How do we stop another attack?
Stopping another attack of this magnitude could be very difficult in the future because it does not appear to rely on users doing much of anything to spread like wildfire. Microsoft has called this a wake-up call for Windows users around the world and we agree 100%! While this particular version of ransomware was poorly designed, it is only a matter of time before a smarter, more sophisticated cyber criminal utilizes the same technique with better success. We cannot continue to ignore the need to proactively protect our network environments.
So while it becomes harder and harder to trace and stop the attacks themselves, there are plenty of tools and services out there that you can take advantage of to protect your computers and networks. We call this a layered security approach and it is how we protect our clients from attacks on a daily basis. For example, one layer is keeping up to date on the latest version of Windows. Our team makes sure your computers are updating on a regular basis. Another layer is Sonicwall’s active next-generation firewall security services, which basically means a very smart firewall that adapts to the latest threats. You can read here about how Sonicwall was preparing for such an attack as this since April 2017 and responded quickly on May 12, 2017 with additional support.
How do I protect my business?
- Start thinking about cyber security like you think about locking your car and your house. You don’t leave them unlocked, why would you leave your data unprotected?
- Make it a habit to keep your computer updated.
- Stop and think before you click a link in an email.
- Click here to download our Cyber Security Tips and Tricks
Give us a call today 1-888-330-8808 to get additional layers of security to protect your environment!
Our premier SECaaS solutions are built on an incredibly sophisticated software called SonicWall (this is where that SaaS comes into play). Not only is SonicWall the only firewall provider that offers SECaaS , but Integris is the only certified distributor of the program in the region, making it the highest ranked distributor of SonicWall in Northeastern U.S. If our five-point SECaaS solution didn’t impress you, we know that will.
Our SECaaS program is only the first of our five cyber security services. Even more security, custom fitted to your company’s needs? How could you NOT want to learn more about our cyber security services? Don’t worry — we’ll tell you everything you want to know!
Was this article helpful?
For more information about how Integris can benefit you.
