3 | ITque

Ransomware attacks happen everyday and most are localized to a particular computer or network. The WannaCry ransomware attack of May 2017 that affected networks and computer systems on an unprecedented, global scale affecting more than 230,000 systems in 150 different countries. This cyber attack was targeted at systems that ran Microsoft Windows software and were not yet installed with the latest security update. It spread quickly, affecting not just tech companies and businesses, but healthcare providers, government agencies, and average citizens.

According to various sources, users on systems infected with WannaCry would have access to all their files blocked and only two files were left accessible, one containing a description about what had just happened, and another that gave instructions on how to pay the hackers via Bitcoin, $300 within three days and double that in seven. If the payment wasn’t received then all held files would be deleted forever. Once behind a firewall, the ransomware spread quickly to all computers on the same network.

The Impact of WannaCry

WannaCry was the largest ransomware attack in history and it underscores the importance of keeping your networks updated with the latest security patches. The ransomware shut down factories, speed cameras, and hospital systems. The countries hardest hit were Russia, India and Taiwan.  Microsoft actually released a patch to protect systems almost two months before WannaCry started infecting systems, but the widespread damaged caused by the malware demonstrated that many organizations had not applied the update. The attack’s impact is generally considered to be low considering it didn’t target critical infrastructure like nuclear power plants, hydroelectric dams, or air traffic controllers. While it was successful as a ransomware attack, WannaCry was a total failure in it’s main purpose, to make its victims pay up. Only a small proportion of them actually paid up, with estimates of what the attackers made being around $140,000 and this figure is mostly due to the valuation of Bitcoin.

It Is Still Out There

By design, WannaCry is still out there trying to infect systems. A major component of the virus is an exploit called EternalBlue which is a tool that was leaked by the NSA that uses a version of Windows’ Server Message Block (SMB) to spread itself. This means that any infected systems that weren’t cleaned still continue to replicate the worm which leads to infections of un updated systems that continues to this day.

The Importance of Patching and Updating

The most vulnerable systems during the WannaCry attack were ones that ran older versions of operating systems that go unpatched, use older applications, are always logged in or use shared logins. This creates an unsafe environment that is easily exploited by worms like WannaCry. And it underscores the need for professional network security services to identify weaknesses like these, make updates, and keep your system safe from ransomware.

WannaCry may have been a failure, but globally, ransomware costs businesses over $1 billion every year. The best defense is to get the help of a trusted IT expert like ITque.

ITque will make sure your network, servers, and computers have the latest enterprise-grade AntiVirus and Endpoint protection to keep you safe from malware and ransomware. We’ll also make sure you have a robust backup and disaster recovery solution for an extra layer of protection. Call us today for a free IT security consultation!