WHAT IS NOW being affectionately referred to as the WannaCry cyber-attack was first detected Friday afternoon – and has since hit more than 200,000 victims worldwide.
While we are well used to seeing cyber events hit the media headlines these days, this so-called ‘ransomware’ phenomenon has enjoyed unprecedented levels of coverage.
No wonder, since it seems to have spread from nothing in a matter of hours to disrupt operations in the UK’s NHS, Spain’s Telefonica and FedEx, as well as many other government agencies and businesses across more than a hundred countries.
Ransomware isn’t new – lots of financially motivated cyber criminals have been using it to extort relatively small amounts of money from victims over the last five years.
However, WannaCry will go down in history because it hammers home some simple truths, none of which are particularly new, but all of which merit renewed priority.
Cyber criminals are constantly evolving their methods to create ever-more effective ways of monetising the flaws in computers’ software, and more often this involves interfering with data integrity rather than compromising its confidentiality.
Why the stir over WannaCry?
1. Humble beginnings. Initial WannaCry infections seem to happen in a similar way to typical ransomware, where a victim clicks on a malicious link or executable in a phishing-style email that compromises their own computer.
From here, the ransomware encrypts documents on that specific computer and ones that user can access over a Windows network.
2. Spreads like wildfire. However, WannaCry then spreads much more aggressively to other computers over the network without requiring further interaction from users.
In this way it is more like self-propagating malware (commonly known as ‘worms’), which makes it a far bigger issue for companies and other organisations who rely on large networks of interconnected systems.
3. Secret weapon. WannaCry exploits a software flaw that is reported as being part of a nation-state security service’s arsenal of cyber-weapons, which was not publicly known until it was apparently captured and disclosed by a different nation-state.
4. A patch in time. Microsoft had already released a patch for the vulnerability back in March, so in theory, if everyone was able to apply patches to their Windows computers in a reasonable time frame (4-6 weeks), WannaCry would have been a damp squib.
However, the reality is that many people and organisations either don’t or can’t apply that patch – due to operational constraints, lack of budget, lack of asset tracking, or just lack of awareness.
5. Self-destruct button. This version of WannaCry had a built-in ‘kill switch’ in the form of a check at initial infection time for an odd-looking internet domain name – if the domain was detected, the malware went dormant and didn’t spread itself further.
6. Recovery steps. Like all ransomware, WannaCry tells you your files are encrypted and demands a ransom payment for the key to unlock them again. Reinstalling the computer operating system and restoring your data from backups is the main recovery measure for now.
7. Aftermath. Despite the widespread disruption caused, WannaCry’s creators appear to have only gathered around $30,000 in Bitcoin (an anonymous cryptocurrency) payments since Friday; however, costs from the damage caused will run far higher than this.
So what now? It’s highly likely that WannaCry will be modified either by its authors or other cyber criminals and it will be unleashed again.
The world will never be the same, in that we can now expect other ransomware to be able to spread without user interaction from one initially infected computer to others.
For businesses, protecting yourself against these vulnerabilities doesn’t need to be complex, which is why attacks such as this can help to light a fire under companies and individuals who might be overlooking the basic actions they need to take to protect themselves.
So how can you protect your business?
The advice on how to protect yourself remains the same as always:
- Stay up to date with vendor fixes for whatever software you are using by applying patches regularly
- Make regular backups of your important data, store them safely and test that they work
- Learn to recognise phishing emails; don’t click on web links or open attachments contained in them, and communicate this to your employees
- Use a firewall to keep your computer protected while on the internet
- Ensure your Microsoft Windows account is a user-level account, not a privileged administrator one
- Disable any features or network services you don’t need on your computer.
True cyber resilience is a product of knowing yourself and your ‘crown jewels’, knowing your enemy and how they operate and establishing an appropriately resourced and funded programme in line with your expressed risk appetite.
Cyber criminals are indiscriminate about their victims, so as unnerving as it sounds, we should all feel like we are a target, all of the time.
Hugh Callaghan is cyber security leader at EY Ireland.