With all the media attention last week you would be hard-pressed to not of heard about the WannaCry cyber-attack. Businesses of all sizes and even hospitals and police departments found themselves crippled with out warning.
Here in Australia we looked to have missed a large part of the attack due to the time zone differences and the fact that a kill switch was found for the malware. We shouldn’t rely on these factors going forward though. This articles details what the malware is, why it caused so much damage and how to protect ourselves moving forward.
What is WannaCry?
The WannaCry cyber-attack was a type of malware (the collective name for malicious software which includes viruses, worms and spyware) called ‘ransomware’. Just like the name suggests, it actually demands money from the owners of the computers infected. Like all ransomware attacks, WannaCry encrypts your files and holds them hostage until payment is made – in this case, the price was set at $300 payable with the internet currency Bitcoin (and you had 3 days to pay before it doubled). If you don’t pay the ransomware threatens to permanently delete all your files. It is not yet known how much money the WannaCry hackers have earned with their latest attack – but you can be sure that plenty of people have paid the ransom. Even the FBI recommends paying the ransom – especially if the ransomed files are of a sensitive nature or weren’t backed up.
How It Spread So Fast
WannaCry self-replicates and spreads. So far, no common trigger has been identified, as is normally the case with phishing links (a phishing attack needs to be activated – usually with a click). WannaCry moved rapidly from system to system, spreading out through the entire network, including all connected backups and storage devices. At the same time it infected other networks, who then spread it further and further. Given the nature of the internet it had spread widely within hours.
Why Some Businesses Were Safe
WannaCry took advantage of a specific vulnerability in Windows of which Microsoft patched months ago. Thus only systems that have fallen 2 months behind in their Windows updates were infected. Without that patch, the ransomware could waltz right past the firewall, past the anti-virus and directly into the system (the NHS were reportedly running Windows XP – which is no longer supported by Microsoft). Those running Windows 10 or a fully patched, recent version of Windows were completely unaffected as the virus literally had no way in
This outbreak shows the importance of staying up to date with security patches on your systems. We haven’t yet seen a second spike in WannaCry attacks yet, but that doesn’t mean there won’t be one. A quick Windows update could protect your business from weeks of downtime and lost revenue making attacks like this a non-issue.
With our regular maintenance plans we can make sure you stay up to date and protected. Give us a call today at 08 8326 4364 to discuss ways we can help your business stay safe.