WannaCry ransomware first appeared in April and a large scale attack hit a variety of industries in over 150 countries on Friday. It started in Europe but has gone global, disrupting many organizations and causing some to decide to shut down their entire IT infrastructure in response. While the exploit used by WannaCry was stolen from the NSA’s spy tools depository, the attacks do not appear to be political in nature.
WannaCry targets a vulnerability in older Windows systems and can encrypt nearly 200 types of files. After infecting just one computer, it invisibly replicates itself to other systems in your network. One infected user will put your entire network at risk. WannaCry can infect your network through a file inserted into your systems through the vulnerability, or the standard method of social engineering and getting an untrained user to open an infected email attachment.
If you have installed all the current patches to your Windows machines you are probably safe, but if you were already infected it’s too late. In an unprecedented move, Windows even released patches to older Windows platforms that are no longer supported. If you have system-wide ransomware protection, most vendors already have protection if you are current with those updates.
WannaCry is being called the most damaging attack in years by security experts. The initial ransom demand is small, only $300 worth of Bitcoins with a week deadline to pay, but if the weekend attacks are successful the cybercriminals could potentially increase that amount (they raised it to $600 a day later). No culprits have been found yet.
It is never too late to protect your networks and data. Planning and prevention is the key to stopping ransomware attacks: always update patches to operating systems; deploy firewalls and intrusion detection/prevention systems; educated employees about social engineering tactics; segment your network so areas are independent of each other to prevent the spread of infection.
Automated Information Technology Company (AITC) specializes in protecting small businesses from cybersecurity threats. Our services can protect you before threats happen, or remove them after the fact. We partner with TrendMicro, a top security software company that has prevented over 100 million ransomware threats.