A massive ransomware attack crippled thousands of businesses around the globe on May 12, 2017. Nicknamed WannaCry, the attack hit Britain’s National Health Services, FedEx, and a host of major companies. Preliminary reports estimate the number of affected companies at over two hundred thousand. It is too early to put a number to the economic damage caused by the attack, but it serves as a critical reminder of important cyber security principles.
Why Were So Many Companies Left Vulnerable To The WannaCry Attack?
The incident stemmed from a known vulnerability in certain Windows operating systems. Microsoft had patched the vulnerability on March 14, 2017 for its more recent operating systems, but did not patch several of its older systems, including Windows 8 and Windows XP. Furthermore, many organizations fail to keep their computers up to date with the most recent security patches, leaving their networks vulnerable to the attack.
A Software Vulnerability
Many cyber security experts believe that the original infection point for the ransomware was vulnerable networking protocols rather than an email phishing scam. Once infected with the malware, a user’s computer would encrypt all of their data and then display a message telling the user the information would only be decrypted after the payment of a fee via bitcoin. The amount sought by the malware was only $300 to $600 per computer, but reports are that users who paid the ransom did not receive a decryption key to release their data.
NSA's Involvement With WannaCry
Complicating matters somewhat, the blueprint for the attack and the information about the Windows vulnerability originated from the National Security Agency. The NSA had discovered the vulnerability and created a tool that would allow them to exploit it to spy on persons of interest. The information about the vulnerability and the tool were stolen from the NSA; the NSA did not alert anyone to the existence of the vulnerability until after the theft. Experts now believe the theft and the attack originated from North Korea.
Some Steps That Businesses Can Take
"In order to avoid falling victim to similar ransomware attacks in the future, businesses can take some basic but absolutely vital steps to protect their networks," advises Charlie E. Bernier, Principal Consultant and Cyber Insurance Expert at ECBM. "Most importantly, companies must make sure all the devices on their network are up to date with the most recent security patches. Ensuring that all devices have been updated can be difficult, but it's crucial to avoid falling victim to these attacks."
Additionally, companies must proactively back up their work throughout the day to make as much information recoverable as possible. The use of cloud services and non-localized data storage can also help accomplish this. It may also serve to remind companies of the importance of isolating certain critical systems so that they can continue to operate even if less critical systems become infected.
As more and more money and information move online around the world, these types of massive global attacks will simply continue to become more and more common. Act now to protect yourself.