The first infection struck at around 8:24am London time on Friday.
Somewhere in Europe, an oblivious computer user opened an email attachment with a compressed zip file. Inside that zip file lurked very dangerous ransomware: WannaCry.
Much like the animal liberation activists from the movie 28 Days Later who released a chimp that went on to attack and infect everyone present, WannaCry went on to infect 200,000 computers around the world. That number is still climbing. It was one of the biggest cyberattacks yet. It affected private and public organizations.
So what is WannaCry exactly?
It's ransomware that exploits vulnerabilities in Microsoft Windows computers, and it is believed to use technology developed by the NSA that was leaked by hackers in mid-April.
These vulnerabilities are fixed by an update that Microsoft released back in March, and by another one released last Friday. Organizations that rely on dated software, like the National Health Service in England, where a vast majority of computers run on old software, are most vulnerable.
WannaCry proliferates through e-mail and other data sent from Windows computers that are not protected by an anti-malware firewall. Such email can appear to come from ordinary people and trusted sources. WannaCry attacks through vulnerabilities in Microsoft Server Message Block 1.0 (SMBv1). Ransomware blocks access to data until ransom demands are fulfilled.
The ransomware spreads like a worm, from machine to machine, first by luring a user into clicking a link or an attachment. Once it takes hold of a computer, it encrypts files, locks the user out of the computer, demands a ransom, and then spreads to other computers within the network, as is the case in major organizations with large computer networks.
So how does one prevent ransomware like WannaCry?
It's difficult to prevent it from spreading through your computers if you are opening unknown zip files. The only way to mitigate such an attack is to keep your machines patched, updated, and properly backed up. Many organizations fail to keep their machines properly updated, and very few have a well-thought-out disaster recovery plan. This is something that ReadyNetworks can help your organization with!
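As an added example (not part of the original article), the read-only PowerShell check below reports whether a Windows host still has the SMBv1 server enabled and how long ago its last update was installed. The function name `Get-SmbV1Exposure` and the 45-day threshold are assumptions chosen for illustration; run it in an elevated session.

```powershell
# Added example: audit one Windows host for SMBv1 exposure and stale patching.
# Read-only; changes nothing on the machine.
function Get-SmbV1Exposure {
    param(
        [int]$MaxPatchAgeDays = 45   # assumed threshold, tune to your patch policy
    )

    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later expose the setting directly.
        $smb1Server = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # Older systems: the SMBv1 server is on unless the registry value SMB1 is 0.
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $smb1Server = ($null -eq $val) -or ($val -ne 0)
    }

    # Most recent installed update that carries an install date.
    $last = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    $age = if ($last) { [int]((Get-Date) - $last.InstalledOn).TotalDays } else { $null }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $smb1Server
        LastHotFix        = if ($last) { $last.HotFixID } else { 'none found' }
        PatchAgeDays      = $age
        # Flag the host if SMBv1 is on, no update history exists, or patches are stale.
        NeedsAttention    = $smb1Server -or ($null -eq $age) -or ($age -gt $MaxPatchAgeDays)
    }
}

Get-SmbV1Exposure | Format-List
```

A host that reports `NeedsAttention : True` should be patched and, where nothing depends on it, have SMBv1 turned off.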
For more information on how you can better protect your organization from ransomware, check out our infographic below: