In May 2017, a massive cyberattack hit 200,000 computers in more than 150 countries. The attack not only affected individuals with old computers and operating systems, but also large organizations — FedEx, French automaker Renault, universities in China, and Russia’s Interior Ministry. Britain’s public health system was hardest hit, with scheduled surgeries and emergency services still disrupted several days later. Renault had to stop production at one of its plants and gave 3,500 staff at their Douai factory in northern France a temporary holiday. In China, 20,000 gas stations could only accept cash.
The attack didn't originate via phishing emails, as some initially suspected. Rather, it was malicious software, now called “WannaCry.” The software was published by Shadow Brokers, who developed it from cyber tools created by the U.S. National Security Agency. Microsoft issued a software patch in March to address this threat, but not all users installed it. Some had older systems that couldn’t update to the latest patches.
WannaCry locked down files on infected systems and demanded $300 in bitcoin within six hours to restore them. Within the first 72 hours, over $40,000 had been paid, according to Elliptic, a company that tracks bitcoin transactions. The hackers are still on the loose.
A 22-year-old cybersecurity researcher, Marcus Hutchins from Britain, stopped the ransomware from spreading more widely. Hutchins found the kill switch domain name wasn’t registered, and he bought it. When the site went live, the attacks stopped spreading. By the time we in the United States started going online the morning after the attack, Hutchins’ actions had reduced the impact. Still, Shadow Brokers has threatened future attacks.
In light of these and many other malware threats, what can you do to protect your personal and work devices?
- Back up your systems and data. In the event of ransomware, you can restore them, but only to the latest backup you have. If you last backed up a month ago, you'll have lost a month's worth of files and data. In other words, back up often, if not continuously.
- Update your antivirus protection daily and apply patches within 30 days of release. New vulnerabilities are published on a daily basis. To combat that, antivirus solutions release updates daily. Similarly, Microsoft and other large software companies release patches to combat known vulnerabilities. When you aren’t on the latest antivirus update or patch, your systems aren’t protected.
- Stay up to date on software versions. As systems age, it's difficult to patch them for the latest vulnerabilities, and software companies usually stop supporting older versions. Windows 7 and prior versions aren’t supported and are at risk of future attacks. Windows 8.1 has limited support today and will not be supported after Jan. 8, 2018, so those users have less than a year to update their computers.
- Establish a process to respond to cyberattacks. Many organizations aren’t prepared to respond to an attack. How would your organization handle a similar situation? Would you have to figure it out on the fly, or do you have proven guidelines and steps to follow to get you back up and running quickly? Try conducting a simulated exercise with your team to identify the measures you would take.
- Consider cyber insurance. Just about every cybersecurity incident has financial impacts. Cyber insurance can help recover some of the costs. Read the fine print to understand precisely what types of threats the policy does, and does not, cover.
- Evaluate your degree of dependence on key vendors. While you might not be hit directly by an attack, what if a key vendor or supplier is? Identify key partners, and inquire about their cyber preparedness to minimize the potential impact on your operations.
Hackers will continue to learn from this incident and release more malware that will be even more damaging and widespread. Take the steps above, and prepare yourself and your business so you don't — WannaCry.