Wednesday 17 May 2017

Meet WannaCry: A Simple Explanation of This Dangerous Global Cyberattack and How to Reduce Risk of Infection

Posted by at 7:15 AM

On Friday, May 12, a dangerous new ransomware called “WannaCry” started a rapid spread across the globe, infecting thousands of computers including government agencies, factories and health services. The ransomware prevented users from accessing files—then an on-screen message would pop up demanding payment of hundreds of dollars in virtual currency called,  Bitcoin, to unlock their files.

Who was affected?

More than 150 countries were impacted by WannaCry. Chinese security-software provider Qihoo 360 said hundreds of thousands of computers were hit at nearly 30,000 of their institutions and government agencies alone

A spokesperson for Hitachi in Japan said their computer networks were unstable. Other high profile victims of this unique ransomware attack included one-fifth of United Kingdom hospitals—creating potentially life-threatening situations because doctors were forced to stop procedures and ambulances were diverted. Computers at a Spanish phone company, Automaker Renault and U.S. shipper FedEx were also impacted.

What makes WannaCry ransomware different?

Ransomware has been around since at least 2005. There are many versions and they work by requiring a user to open an email attachment or click on an advertisement containing malicious software. What is so worrisome about WannaCry is it needs no human interaction. It is the first ransomware to be completely automated and able to spread on its own.

Using a multi-layered defense offers the best protection.   

Cyberhackers, like the perpetrators of WannaCry, are unlikely to be one person but a syndicate working underground with sophisticated encryption to hide their activities. While the U.S., to date, has dodged the bullet on the worst of the WannaCry ransomware, variants of it will come.

In fact, the initial version of WannaCry was rendered disabled within about seven hours—and at least 469 copycat variations have already been released according to Andreas Marx with AV-Test, a German-based security testing company.

Creating a multi-layered defense against cybercrime is the best approach to reducing the risk from ransomware and other criminal attempts. Many businesses, healthcare, financial, education and other organizations are finding that partnering with a managed service security provider (MSSP) is offering some peace of mind from cyberthreats.

Multi-layered MSSP vulnerability management protections include:

  • Microsoft and third-party patching – Latest updates installed in your environment.
  • Anti-Virus – Blocks ransomware attempts like WannaCry.
  • Managed Firewall – Includes appliance management and monitoring, gateway security, forensic analysis, reporting, support services and more.
  • Blocking – Consistent prevention of suspicious file extensions like those used in WannaCry by evaluating vulnerabilities across your organization, prioritizing security risks and constant monitoring, analyzing data, reporting findings and making recommendations to keep your system free from harm.

These defenses must be in place before there is an issue, by the time you read about a threat such as WannaCry, it is probably too late.  Malicious attacks cost money, reputations and can even put lives in danger, as happened in Britain. Beyond your system hardware protections, an MSSP can also offer employee education—because hackers often find opportunities by exploiting human error. Today, everyone in an organization must be responsible for cybersecurity. It’s worth a conversation to find out how an MSSP can lower your risk and help you sleep better at night knowing your business has taken appropriate precautions against cybercrime.