Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

The Impact of WannaCry on the Ransomware Conversation

By this point, we’ve all heard about the major ransomware attack that impacted an estimated 200,000 computers across 150 countries earlier this month. A malware variant dubbed WannaCry made its way into network infrastructure globally, encrypting data and demanding a ransom of $300 USD per infected computer.

By this point, we’ve all heard about the major ransomware attack that impacted an estimated 200,000 computers across 150 countries earlier this month. A malware variant dubbed WannaCry made its way into network infrastructure globally, encrypting data and demanding a ransom of $300 USD per infected computer.

Aside from being the largest ransomware attack in history, there are a few other reasons why this attack is particularly unique. While the methods that were used were not net new, the approach was – that is, hackers took two of the most successful ways in which to target organizations and combined them to create a worldwide cybersecurity incident.

All indicators point to the initial infection occurring via a traditional phishing attempt, in which unsuspecting employees downloaded malicious files from their email. What made WannaCry so impactful was its ability to break away from its originating computer and rapidly traverse the network, infecting connected computers in its wake.

While phishing, ransomware and a fast-moving worm are not in themselves new, the combination of these strategies was epidemic-like. As WannaCry requires no ongoing interaction on the part of the attacker, it was the perfect method to quickly spread throughout a vulnerable enterprise.

While this approach isn’t entirely surprising, it is alarming and appears to be the first time that a ransomware payload has been targeted in this way at such a large scale.

Ransomware is not a new issue. It has been around for decades, and it’s been talked about in earnest in the security industry for several years now. Nonetheless, it continues to be one of the top causes for concern for CISOs, and ransomware attacks grew 36 percent in 2016. So why is it continuing to have such a major impact on cybersecurity? Because solving this problem is really, really hard.

Ransomware is so successful because it relies on a human element, and as much as we hate to admit it, humans are fundamentally flawed. It’s for this reason that WannaCry continued to impact computers well into the week following the initial attack, despite many organizations spending all weekend notifying their employees and the public and fixing the issues that hit during the business day on Friday. No matter how much employee training or awareness goes into instructing your employees or the general public to refrain from opening attachments, deleting unknown emails and paying attention to the crucial signs of ransomware, the mere reliance on humans is an inherent failing that cannot be overcome.

So what can you do to protect your organization from an inevitable targeting? While ransomware attacks and targets may have evolved, the ways to protect yourself haven’t. As I wrote in a post nearly one year ago, there are a few steps that organizations should absolutely implement before they are targeted by an attack.

Advertisement. Scroll to continue reading.

The best way to react after becoming the victim of a ransomware attack is to completely erase all data from your systems, removing the hackers’ ability to control your information. Take a “no negotiation with terrorists” stance. Of course, that also removes all of your own data, which means it’s crucial to have extensive back-ups, thereby removing the hold that criminals have over you altogether. Understanding your organization’s use and warehouse of data, and backing up all of that data, is an essential first step toward preventing any ramifications of a future ransomware attack.

It’s also important to develop a plan of action in the event that your organization is compromised. Consider the potential implications to your reputation, such as company valuation or public brand perception, if you do or do not pay a ransom. Have a plan in place that acknowledges the different stakeholders that need to be consulted before any decision is made, so you are fully aware of the chain of command to quickly and swiftly execute a remediation plan, if necessary.

If the WannaCry incident taught us anything, it’s that global, widespread ransomware can and will impact organizations without any notice. The time to prepare is now.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.