Businesses “WannaCry”: new ransomware strain is back
Many organizations have been hit repeatedly by cyber threats in recent times. As technology advances, threats to its safety increase. Most of these cyber threats come in the form of malware known as WannaCry. This malware has already proved to be one of the most virulent and potentially destructive cyber attacks ever observed in the history of hacks. Its targets are organisations, large companies, governments and any other establishment hackers feel they can make a fortune from.
Among the establishments attacked is Telefonica, a multinational Spanish communications company which owns O2. Hospitals across Britain’s National Health Service are among the high-profile victims of this ransomware, and patient records were taken offline. In Portugal, Telecom was a victim; in the US, FedEx was a victim. Various reports also emerged of infections in Asia (universities in China in particular). All these attacks follow a similar pattern: once a computer is infected, the victim’s files are encrypted and the user receives a ransom demand, usually asking for payment in bitcoin, on the condition that it must be paid in full before the user’s access to the system is restored.
This technique has been on the rise, causing 36% of global cyberattack damages annually. So far, the criminals using this malware are yet to be identified, but security agencies are scrambling to find out who they are. Cyber intelligence analysts reviewing the dark web have asserted that the payments demanded by the ransomware operators could be linked back to one bitcoin account. These attacks have so far been successful because ransomware received little attention in the past; it was initially considered an elementary threat. The ransomware is usually spread through emails that are sent in bulk to unsuspecting internet users, though attacks on big organisations and businesses are rare.
The WannaCry ransomware consists of several components. It initially arrives as a dropper, an independent program that extracts other application components embedded within itself:
- An application that encrypts and decrypts data
- Files containing encryption keys
- A copy of Tor
Once launched, WannaCry attempts to access a hard-coded URL, and if this isn’t possible, it proceeds to search for and encrypt files in a slew of important formats, from Microsoft Office files to MKVs and MP3s, making them inaccessible to the user. It then displays a pop-up message demanding a certain amount of dollars in bitcoin to decrypt the files.
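The file-encryption stage described above shows up on a host as one process rewriting many documents and media files in a short time. The following is an added example, not code from the original article: a small detector run over constructed file-activity log lines. The log format, host and process names, window and threshold are all assumptions chosen for illustration, and events are assumed to arrive in time order.

```python
import ntpath
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Formats the article names: Microsoft Office files, MKVs and MP3s.
WATCHED_EXT = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".mkv", ".mp3"}
WINDOW = timedelta(seconds=10)  # assumed tuning value
THRESHOLD = 5                   # assumed: distinct files per process per window

# Constructed sample events: "timestamp host process action path".
SAMPLE_LOG = r"""
2024-01-01T09:00:01 ws01 winword.exe WRITE C:\Users\amy\report.docx
2024-01-01T09:00:30 ws01 backup.exe WRITE D:\bk\a.xlsx
2024-01-01T09:02:30 ws01 backup.exe WRITE D:\bk\b.xlsx
2024-01-01T09:05:00 ws02 unknown.exe WRITE C:\Users\bob\q1.xlsx
2024-01-01T09:05:01 ws02 unknown.exe WRITE C:\Users\bob\plan.docx
2024-01-01T09:05:01 ws02 unknown.exe WRITE C:\Users\bob\talk.pptx
2024-01-01T09:05:02 ws02 unknown.exe WRITE C:\Users\bob\song.mp3
2024-01-01T09:05:03 ws02 unknown.exe WRITE C:\Users\bob\clip.mkv
2024-01-01T09:05:03 ws02 unknown.exe READ C:\Users\bob\notes.txt
"""


def detect_bursts(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return (host, process, time, distinct_files) for each process whose
    writes to watched formats reach the threshold inside one window."""
    recent = defaultdict(deque)  # (host, process) -> (time, path) pairs
    flagged, alerts = set(), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, host, proc, action, path = line.split(" ", 4)
        if action != "WRITE":
            continue
        if ntpath.splitext(path)[1].lower() not in WATCHED_EXT:
            continue
        ts = datetime.fromisoformat(stamp)
        events = recent[(host, proc)]
        events.append((ts, path.lower()))
        while ts - events[0][0] > window:  # drop events older than the window
            events.popleft()
        distinct = len({p for _, p in events})
        if distinct >= threshold and (host, proc) not in flagged:
            flagged.add((host, proc))  # one alert per process per host
            alerts.append((host, proc, ts.isoformat(), distinct))
    return alerts


if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE_LOG):
        print("possible mass encryption:", alert)
```

An alert like this is a cue to isolate the host from the network and check that recent backups are intact.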
Just last Wednesday, Boeing was hit by ransomware. This was later made public and confirmed by Boeing executives as the same sort of ransomware that hit over 70 countries around the world in the previous years.
This attack triggered extensive alarm among the company’s customers and within the company itself, though within a short span of time Boeing called for calm, claiming to have dealt with the threat by applying security patches to its systems.
Listed below are some simple steps to protect yourself and your computers against the WannaCry ransomware:
With the looming GDPR (General Data Protection Regulation), it is imperative as a business owner to take responsibility for the security of your customers’ data. Some very simple practices can be implemented to ensure this is the case. These include:
- Implementation of a Disaster Recovery solution (more comprehensive backup) which holds multiple versions of your data both onsite and securely offsite.
- Integration of a hardened, fully managed anti-virus and malware solution which will prevent users from activating a threat or, at minimum, lock the system down to prevent the spread of the infection.
- Regular patching of your computer systems to ensure that you have the most up-to-date and stable software versions, which may have addressed a number of security exploits.
- Implement a password policy: ensure your passwords are complex and are recycled every 3-6 months, and that you have an account lockout process in place.
- User education: ransomware is usually delivered through spear-phishing and malicious drive-by downloads, so users are urged to refrain from clicking on suspicious links and to verify attachments in emails before clicking or downloading.