Late last week, businesses and organizations around the world in more than 150 countries were hit with a strain of ransomware known as Wanna Decryptor, WannaCrypt, WanaCrypt0r and WannaCry—and the ransomware shows no signs of stopping. According to a CNN article, the attack was so extreme that it “caused Britain’s NHS to cancel surgeries, a wide array of Russian and Chinese private and public institutions to be crippled most of the day, and the rest of the world to recoil in shock.”
At Carousel, we’ve been fielding several questions from clients about this issue and how they can best protect themselves (and their sensitive data) from this type of attack. We’ve compiled a Q&A of some of the most pressing questions…
Have questions about improving your security program? Well-versed in every layer of security, our experts will evaluate, recommend and deploy the latest next-gen security. Click to learn more.
What is ransomware?
Ransomware is a type of malware that encrypts a user’s documents, photos, and other files, requiring the victim pay for a decryption key to unlock them. If there are connected devices like a USB drive, those items will be impacted as well.
Once infected, a landing page displays demanding money (typically in the form of Bitcoin) to decrypt the files and return the computer to its normal state. Typically, if the victim doesn’t pay up in a few days, another landing page will display demanding more money and a risk of the files being permanently deleted.
What is the significance of the WannaCry attack?
This is believed to be the largest scale attack ever recorded. Affecting countries around the globe, WannaCry shows how quickly systems can be impacted and brings to the forefront the importance of basic security hygiene—like routine offline data backups and ongoing product patching.
You May Also Like: 3 Ways to Leverage Managed Services for Security
How does this ransomware spread?
Targets becomes victims thanks to phishing emails or suspicious attachments. Once that user’s system becomes infected, the code can scan through the network and make its way to other, unsuspecting victims.
Per Brian Krebs of KrebsOnSecurity.com, “Wanna is spreading with the help of a file-sharing vulnerability in Windows. Microsoft issued a patch to fix this flaw back in March 2017, but organizations running older, unsupported versions of Windows (such as Windows XP) were unable to apply the update because Microsoft no longer supplies security patches for those versions of Windows.”
I want to be proactive against this—and other types—of malware. How can I protect my technology?
The good news about these types of attacks is that it’s mostly avoidable by implementing easy, everyday-hygiene maintenance. Things like backing up data, updating and patching software, and training employees to recognize the signs of someone trying to gain unauthorized access to systems, like a phishing attack, are low-cost, effective methods to keeping data safe.
The number and complexity of today’s (and more importantly, tomorrow’s) threats requires a proactive, layered approach to security. Engage with an expert firm like Carousel to protect your organization’s sensitive assets with the most effective next-generation security solutions—from everything from asset security to threat detection and governance assistance for a comprehensive, full-service security solution.
I think I may be affected with a variation of Wanna. What should I do?
If you think you may be infected with ransomware or another virus, fill out this form to connect to an expert about how react, respond, and remediate the threat within your environment.
You May Also Like: Ransomware and Things That Go Bump in the Night
For technical details regarding the malware, as well as countermeasures you can take, please review the following blog posts:
With over 20 years of experience in the industry, Josh is responsible for executing Carousel's customer-facing Cybersecurity strategy. With a career that began in operations support where customer satisfaction is the number one priority, Josh understands that balancing user experience and manageability, with risk mitigation and overall security posture is crucial to a successful practice. As Director of Security Solutions, Josh helps both customers and colleagues alike make sense of the broad and sometimes confusing landscape of cybersecurity, and arm them with the knowledge and tools to deliver effective business outcomes. His enthusiasm and excitement for not only the cybersecurity space but technology in general shines through with every engagement he is a part of.
Read More Posts From Josh
Security
As we look to a post-pandemic world, one of the areas of investment we can expect to see is in building resilience to destructive type attacks. 2020 saw a record number of distributed denial-of-service (DDoS) and ransomware attacks, which is only expected to continue through the rest of this decade. Many organizations are now looking to the […]
6.21.2021
Security
In an earlier post we looked at typical headcount costs and other expenditures to build and maintain the full scope of cybersecurity capabilities in-house. Those figures often put a completely internal team out of reach, but the good news is that a strong cybersecurity strategy doesn’t need to be an all-or-nothing effort. Here we’ll explore […]
5.27.2021
Security
No matter the size, industry, or location, nearly every company today has a cybersecurity strategy. But there are many methodologies your organization can use to protect its digital assets and determining the right approach for your business means balancing your desired cybersecurity posture against your resource availability of staff and money. Given the evolving threat […]
4.19.2021
Security
Businesses have leveraged Internet of Things (IoT) capabilities for years and the use of these devices – sensors, monitors, and other smart technologies with Internet connectivity – is exploding. Unlike cell phones and laptops, IoT devices aren’t usually linked to any one user. Instead, they’re the communication component in a heart monitor that lets hospital […]
12.22.2020