Aftermath of WannaCrypt: What to do About Ransomware Attacks

Recent ransomware attacks opened a huge discussion about how secure our systems are and the steps we can take to best secure our data. Companies and institutions around the world had their data compromised by the malicious tool “WannaCrypt Ransomware.” This mode of cyber threat is a malicious software that holds computer files encrypted and asks for a ransom to get them free. They do this by targeting vulnerable machines or users, encrypting their data using Full Disk Encryption (FDE), and preventing the owner of the data from being able to use or access it until the named price has been paid.

How Does Ransomware Spread?

Most ransomware is hidden within seemingly innocent-looking documents, files, and photos. If you download a file or even open an email from an untrusted source, you may expose your computer to malware from anyone. It can also spread through viruses or backdoors from within a system that can offer a way for hackers to gain access.

A popular way to install ransomware is to leave a USB stick/flash drive lying around an office building. Hackers will leave a file on the USB stick that will install an executable file automatically. From there, the virus can encrypt your files and the hacker can demand payment.

Breakdown of WannaCrypt Infection

Vulnerabilities will occur when your Windows system is over two months behind on update cycles. WannaCrypt took advantage of a vulnerability that was made known by an NSA leak. While Microsoft patched this two months before the attack, many people neglect to update their systems frequently, leaving them vulnerable to these kinds of attacks. Make sure your Windows devices have auto update enabled, this way you will not miss an update and you will be less susceptible to an attack. You should also stay on top of system updates and patches for your smartphones as well.

 

"Most ransomware is hidden within seemingly innocent-looking documents, files, and photos. If you download a file or even open an email from an untrusted source, you may expose your computer to malware from anyone."

 

Which Systems Were Compromised?

Windows users who have outdated patches/updates are susceptible to WannaCrypt, from Windows XP and up to Windows 10. Apple devices and Android devices were not affected, but that isn’t to say there will never be a ransomware attack for those devices somewhere down the line. Android users are the most at risk, because most system patches/updates are few and far between. If you have an Android, be sure to get a top of the line device, such as the Google Pixel line or Samsung s8 line because those devices are more likely to stay up to date with patches.

Who Got Hurt?

Around 200,000 computers and nearly 40,000 businesses were exploited by WannaCrypt. Some of these victims are actually paying hackers to get access to their data back. The ransoms that have been paid are around $72,000 so far and still climbing.

Lessons Learned—How to Protect Your Data

  1. The most important lesson learned is to always update your system and application software. It will keep you and your data safe. If there is a problem with the update, you can always wait for a new patch.
  2. You should also back up your data. There are multiple options, from using a flash drive to storing in the cloud. Choose whatever is best for you to make sure your data is backed up and secured.
  3. Treat emails sent from unknown sources as if they are a solicitor calling your cell or work phone—delete them immediately without opening them.

 

Kalon Makle  

Kalon Makle
Information Technology
Kalon | @superkalon