On Friday, an unprecedented cyberattack affected a large number of Microsoft Windows-based computers through a type of malware known as ransomware. Although ransomware has been increasingly prevalent over the last few years, this particular version, called "WannaCry," spread quickly and widely around the world. Many believe that the cyberattack will continue.
Ransomware is generally spread via email messages that contain infected attachments. When a user opens the attachment, a program runs that encrypts the user's computer and demands a ransom be paid, typically in bitcoin, for a key that will unencrypt the files. In this case, the attackers are asking for between $300 and $600 to unlock the files.
As of Sunday, it had impacted tens of thousands of systems, more than 200,000 individuals, in more than 150 countries. Many of these attacks occurred in Europe and Russia. Perhaps the most notable impact occurred in Britain, where several hospitals were infected, leaving operations, including patient care, debilitated to the point where patients had to be turned away to other, non-impacted hospitals. Auto manufacturers, railroad operators, and others have also been impacted in Europe.
Due to some quick thinking on the part of a British malware researcher, the spread of WannaCry has slowed, but risk still remains. Most believe that businesses will continue to be impacted at the beginning of the workweek; worse, the fix engineered by the researcher likely will be accounted for in the next version of the ransomware.
It is important to note that WannaCry takes advantage of a vulnerability in Windows systems for which Microsoft released a patch in March of this year. If your Windows systems have not been patched, or if you are running older versions such as Windows XP, you may be vulnerable and should take appropriate steps immediately.
The best way to avoid getting attacked by this ransomware is to ensure you have installed the patch. The best way to avoid getting attacked by other ransomware is to evaluate threats to your organization, assess your risk, and ensure you are taking appropriate mitigation and remediation steps. Those steps should include training users on how to spot and avoid phishing attempts, conducting regular penetration tests and cybersecurity gaps assessments, and keep all systems up-to-date with the latest version of software.
If you are attacked, the best defense against ransomware is to have secure backups of all critical systems so that if you are attacked, you can restore your systems quickly without having to pay the ransom. If you do not keep secure backups of your critical systems and data, you should begin doing so immediately.
Venable's nationally recognized Privacy and Data Security practice uniquely brings together legal, policy, and technical experts to help our clients with a wide range of cybersecurity issues, including those discussed above. If you are worried about being or have been impacted by WannaCry, other malware, or have any cybersecurity-related questions or concerns, please contact the authors.