Using a tool that was allegedly stolen from the U.S. National Security Agency, cyber criminals exploited a flaw in Microsoft’s Windows system in order to spread malware dubbed WannaCry. Initial reports indicate that the WannaCry attack used ransomware to hijack computer systems and demand money in the form of bitcoin, a type of digital payment system.
Who’s Impacted?
The attack, which took place May 12, 2017, has impacted over 200,000 users in at least 150 countries who hadn’t installed a security patch Microsoft Corp. released back in March. Notable victims include Britain’s National Health Service, FedEx Corp., Nissan Motor Co., Renault SA, and a number of banks and universities.
The number of infected users is expected to increase as more and more individuals return to work and boot up their systems.
It has not yet been determined how much money the attackers have received as a result of the ransomware. Experts recommend that companies avoid paying the ransom if infected, as there is no guarantee that systems will be restored.
How Does WannaCry Work?
The virus itself contains two parts. The first part is the ransomware, which locks a computer and then displays a message demanding money.
The other part is the “spreader.” In essence, after a user opens an infected email attachment, the spreader transmits itself to other computers on the network.
The ransomware initially requests around $300 and, if no payment is made, it threatens to double the amount after three days and delete files within seven days. Once it infects one computer in a network, WannaCry can spread within seconds.
Because data security professionals often focus on blocking hackers from entering a system, in-network security measures tend to be more lax. As a result, WannaCry was easily able to exploit common file-sharing practices of employees in order to spread the virus quickly from computer to computer.
Is There Still a Risk of Infection?
While the outbreak was halted thanks to MalwareTech, a private security researcher, experts are concerned that another version of the ransomware could be released soon—a version that has no kill switch.
While initial patches can help prevent attacks, they may take time to install, particularly for large organizations. Even more concerning still is that some computer viruses are designed to remain dormant until they are connected to a large network.
Planning Ahead to Prevent Future Attacks
The WannaCry attacks illustrate the importance of ensuring that any and all software patches are up to date. In addition, every employee should be trained on cyber security and instructed to never click on suspicious emails or attachments.
Other precautions include the following:
- Update your network if you haven’t yet and implement the appropriate software patches.
- Turn on auto-updaters, if available.
- Don’t click on links that you don’t recognize.
- Don’t download files from people you don’t know.
- Back up your documents regularly.
Following this attack, organizations are likely to be more proactive in adjusting security measures so malware can’t spread automatically.