By this point, we’ve all heard about the major ransomware attack that impacted an estimated 200,000 computers across 150 countries earlier this month. A malware variant dubbed WannaCry made its way into network infrastructure globally, encrypting data and demanding a ransom of $300 USD per infected computer.
Aside from being the largest ransomware attack in history, this attack stands out for a few other reasons. The methods used were not new, but the approach was: hackers took two of the most successful ways to target organizations and combined them to create a worldwide cybersecurity incident.
All indicators point to the initial infection occurring via a traditional phishing attempt, in which unsuspecting employees downloaded malicious files from their email. What made WannaCry so impactful was its ability to break away from its originating computer and rapidly traverse the network, infecting connected computers in its wake.
While phishing, ransomware and a fast-moving worm are not in themselves new, the combination of these strategies was epidemic-like. As WannaCry requires no ongoing interaction on the part of the attacker, it was the perfect method to quickly spread throughout a vulnerable enterprise.
While this approach isn’t entirely surprising, it is alarming and appears to be the first time that a ransomware payload has been targeted in this way at such a large scale.
Ransomware is not a new issue. It has been around for decades, and it’s been talked about in earnest in the security industry for several years now. Nonetheless, it continues to be one of the top causes for concern for CISOs, and ransomware attacks grew 36 percent in 2016. So why is it continuing to have such a major impact on cybersecurity? Because solving this problem is really, really hard.
Ransomware is so successful because it relies on a human element, and as much as we hate to admit it, humans are fundamentally flawed. It’s for this reason that WannaCry continued to impact computers well into the week following the initial attack, despite many organizations spending all weekend notifying their employees and the public and fixing the issues that hit during the business day on Friday. No matter how much employee training or awareness goes into instructing your employees or the general public to refrain from opening attachments, to delete unknown emails and to pay attention to the crucial signs of ransomware, the mere reliance on humans is an inherent failing that cannot be overcome.
So what can you do to protect your organization from inevitably being targeted? While ransomware attacks and targets may have evolved, the ways to protect yourself haven’t. As I wrote in a post nearly one year ago, there are a few steps that organizations should absolutely implement before they are targeted by an attack.
The best way to react after becoming the victim of a ransomware attack is to completely erase all data from your systems, removing the hackers’ ability to control your information. Take a “no negotiation with terrorists” stance. Of course, that also removes all of your own data, which means it’s crucial to have extensive back-ups, thereby removing the hold that criminals have over you altogether. Understanding your organization’s use and warehouse of data, and backing up all of that data, is an essential first step toward preventing any ramifications of a future ransomware attack.
It’s also important to develop a plan of action in the event that your organization is compromised. Consider the potential implications to your reputation, such as company valuation or public brand perception, if you do or do not pay a ransom. Have a plan in place that acknowledges the different stakeholders that need to be consulted before any decision is made, so you are fully aware of the chain of command and can swiftly execute a remediation plan, if necessary.
If the WannaCry incident taught us anything, it’s that global, widespread ransomware can and will impact organizations without any notice. The time to prepare is now.