WannaCry: The latest updates on 2017’s worst ransomware

By now, you must have already heard about the infamous WannaCry ransomware. By exploiting a Windows 7 operating system vulnerability, it infected more than 200,000 systems across 150 countries. It demanded that its victims pay $300 in Bitcoins -- a ransom that could double if not paid on time. Although a common form of ransomware, WannaCry made headlines because of its widespread, global reach.

It has been weeks since the initial attacks that affected the UK’s National Health Service, internet broadband provider Telefonica, other high-profile organizations, and thousands of small- and medium-sized enterprises. Ransomware attacks aren’t new, so what makes WannaCry remarkable and what should people expect in the coming months?

Latest updates
When news first broke, it looked as though any Windows machine that hadn't been updated since March was vulnerable. But according to recent research, 98% of all infections happened to Windows 7 computers, and Windows XP computers are almost immune to WannaCry. Even attempts to manually install it have failed, resulting only in an innocuous “blue screen of death” crash.

Based on a linguistic analysis of the ransom notes issued to victims, it was also recently revealed that the ransomware’s authors likely have links to China. According to researchers, the notes were originally written in English and Chinese. Given the glaring grammatical errors in the English version, the researchers concluded that it was written by a non-native speaker, while the Chinese note was relatively well-written and contained more substantial information.

While these updates shed some light on WannaCry’s origins, authorities are still far from uncovering the criminals’ identities. What needs to be stressed is that the reported number of affected systems is a hugely conservative estimate. Researchers also found out after the first two weeks of the attack that the number of infected and reinfected systems is actually between 14 and 16 million.

Mistakes found
Despite its immense impact, WannaCry is perceived as a highly flawed attack. Cyber security investigators call the hackers sloppy and amateurish because even though it spread wide and fast, earnings were pegged at only $100,000 -- quite a small amount in the lucrative cybercrime industry.

Despite the severity of the vulnerability WannaCry was coded to exploit, the programming to weaponize it wasn’t strong enough to inflict maximum damage. Another area where the hackers failed was in their handling of Bitcoin payments. Unlike more sophisticated ransomware strains, the WannaCry attackers failed to deploy an automated Bitcoin payment system, which made it difficult for them to determine whether or not a victim had paid.

Extorting money is the primary motivation behind ransomware attacks, but because of the failed execution, security researchers suspect that WannaCry was unleashed not just to make money, but also to expose the National Security Agency, which knew of the exploits in advance but failed to share the information with the public on time.

Preventive measures
The attacks have subsided and awareness has been raised, but does this mean businesses can ignore implementing strong network security measures?

Hackers are unrelenting and would leap at the opportunity to launch a new wave of attacks. WannaCry is completely preventable, so we suggest you take the following steps to avoid becoming a victim:

  • Install anti-virus programs - By now, the most recent version of your antivirus and intrusion prevention tools should have updated security content to protect against new strains of WannaCry and other ransomware. Note that antivirus solutions work best when integrated with other security systems such as intrusion prevention systems and firewalls.
  • Update your operating system - Updating to the latest version, such as Microsoft Windows 10, greatly reduces the likelihood of infection, as software vendors almost always release up-to-date security patches.
  • Back up, back up, back up - Backing up your data in a secure cloud or on external drives lets you easily and safely store and retrieve files. It can also save you from having to deal with ransomware attacks and paying a ransom.

At Fluid Networks, we have had zero infections on any of the computers and networks we support, thanks to the vigorous network security solutions we implement for all our clients. If you want to avoid ransomware and other malicious attacks, call us for advice.