Lessons We’ve Learned from the WannaCry Ransomware Attack

Hundreds of thousands of computers around the world fell victim to a ransomware attack called WannaCry on Friday 12 May 2017, rendering their systems inoperable.

Believed to have affected more than 230,000 computers in more than 150 countries, the ransom virus affected many healthcare organizations, airlines, governments, telecommunications companies, colleges and other businesses.

Ransomware is malware that encrypts the content on a computer’s hard drive and locks it behind a password. The software then demands that you pay a ransom to get your files back. In the meantime, your organization’s IT infrastructure is crippled.

WannaCry was spread across the internet and local networks on systems that had not been updated with recent security updates, which the allowed it to directly infect systems that were vulnerable. Microsoft had issued a critical patch in March 2017, two months before the attack, but it had not been applied to IT systems by many organizations.

Particularly vulnerable were organizations still running older, unsupported operating systems such as Windows XP and Windows Server 2003.

One of the worst affected organizations was the National Health Service in the United Kingdom, where around 70,000 devices were compromised. This included computers, MRI scanners, operating theatre equipment and blood-storage refrigerators. Not only did WannaCry have an impact on itaIT systems, but it also had the ability to compromise patients’ health and welfare.

Experts, including the Federal Bureau of Investigation, warn that if your systems are infected with ransomware, you should not pay the ransom. There is no guarantee that you will successfully recover your data. In fact, if you pay up you might be a target for future attacks of this type.

But even if you don’t pay the ransom, trying to fix your IT systems is going to be expensive and take away valuable time you could be devoting elsewhere. There’s also the reputational damage it can cause your company and, like in the National Health Service example, it can have potentially devastating consequences for health systems.

The best solution for businesses is to avoid contracting malware in the first place. While WannaCry was dubbed as the “biggest ransomware outbreak in history”, the concept isn’t new.

Some of the cyber security steps you can take to ensure you don’t become a victim of this type of attack in the future include:

1. Having a robust management system in place to ensure your IT systems are updated as vendors issue patches. As we saw from WannaCry there was a two month window between the Microsoft patches being released and the attack – this is something that you cannot afford to delay, your patching needs to happen in a timely manner.

2. Don’t run software on your network that is out-of-date and no longer supported by the manufacturer.

3. Have a solid backup system. You should have both local and remote backups that are encrypted and secured. It should also be automated and continually monitored. If the worst should happen you can restore your information more easily.

4. Run cyber security training for your staff to educate them about the dangers of clicking on links and attachments from untrusted sources.