WannaCry ransomware attacks - what have we learned?
We are still in the midst of the fallout from the ‘WannaCry’ ransomware attacks, which have affected hundreds of thousands of computers globally, including several NHS Trusts, Germany’s rail network Deutsche Bahn, Telefonica, US logistics giant FedEx and Russia’s interior ministry. The fact that the cyber criminals behind the attack were able to utilise tools first developed by the US National Security Agency gave the attack a new potency.
17 May 2017
The attack has been described by many, including Microsoft President and Chief Legal Officer Brad Smith, as a ‘wake-up’ call, and it is exactly that. We are still discovering the exact cause and effect. What has become clear, however, is that outdated systems running Windows XP were particularly vulnerable, as were newer systems that had failed to apply a patch issued by Microsoft in March.
It’s easy to point the finger of blame, and indeed many politicians are doing just that, but it’s different when you’re at the coalface running real IT systems. The WannaCry attacks were exceptional in terms of the level of sophistication. We have seen ransomware before, of course, but what’s different here is the ‘military grade’ code behind it. It is possible that patched systems would have stopped or slowed the attack, but for enterprise organisations running hundreds or thousands of individual machines, applying the updates is still a relatively time-consuming process.
One thing that we can say for certain about this attack is that it doesn’t appear that information was ‘stolen’ as such – ‘WannaCrypt’ has mirrored other ransomware attacks in that it has encrypted data so that users cannot access it unless (in theory) they pay the criminals and obtain a ‘key’. Having said that, there is still no guarantee that a key would be available and it is best practice not to pay the extorters.
This leaves us stressing the importance of backup. Simply put, if data is properly protected then the risk of ransomware is hugely mitigated. An attack could still infect computers, take business offline for a while and be hugely disruptive, BUT the attackers are left without leverage because the data can be recovered and the firm remains in business. It is a sad fact that statistics show that 70% of businesses that experience a major data loss are out of business within one year.
So, if your organisation has come out of this attack unscathed, then firstly breathe a huge sigh of relief, but don’t rest on your laurels. Ransomware can morph and become even more dangerous. So, test your backups today. Make sure your cloud provider (if applicable) can recover your data. Make sure that a) you have a plan and b) it is up to date.
The game has now changed – do not be the next victim.