How to prepare for, detect and mitigate ransomware risks
In a cyber event that brought those in charge of security to near tears, the ransomware called WannaCry encrypted files on infected systems while attackers demanded payments before releasing data and allowing organizations to regain control.
Given the speed of its spread and the breadth of its scope, many are considering it the world’s largest cyber attack ever as its effect rippled across 150 countries and an estimated 300,000 machines.[1]
The ransomware, a form of malware, exploited a vulnerability in some Windows-based operating systems. Although Microsoft had released a critical security patch in March, many victims hadn’t updated their computers and networks soon enough to be protected from the May 12th attack, leaving them exposed to WannaCry and other ransomware risks.
The attack impacted UK healthcare delivery, while disrupting the production and flow of services in some of the largest companies across the globe, including FedEx, Renault and Nissan:
As part of the National Health Service, some UK hospitals were crippled by the cyberattack, which forced operations to be canceled and ambulances to be diverted.[2] Health workers reported being locked out of their systems and seeing messages demanding ransom payments to regain access.[3]
In the U.S., the ransomware attacks forced the Memphis-based headquarters of logistics giant FedEx to shut down operations Friday[4] [the day after the attack].
Automaker Renault reported that several of its facilities in France, Slovenia and Romania had been hit. Nissan confirmed it had to halt production at one of its facilities, a plant in Sunderland located north of London with 7,000 workers.[5]
Others hit included Chinese government agencies, German railway company Deutsche Bahn, Russia's Interior Ministry and Telefónica, one of the world’s largest telecom companies.[1]
Software patches play a critical role in protecting your organization from ransomware like WannaCry, but they are just one part of a multi-step, defense-in-depth security approach that includes:
Preparation: Readying your organization for ransomware attacks
Detection: Monitoring and analyzing the IT environment to spot malicious activity
Mitigation: Reducing the damages if an attack occurs
[2] CNN.com, Global cyberattack: A Super-Simple Explanation of What's Going On, May 15, 2017. http://money.cnn.com/2017/05/14/technology/global-cyberattack-explanation/
[3] CNN.com, UK prime minister: Ransomware Attack Has Gone Global, May 12, 2017. http://www.cnn.com/2017/05/12/health/uk-nhs-cyber-attack/index.html?iid=EL
[4] LocalMemphis.com, FedEx One Of Many Organizations Targeted In Worldwide Ransomware Attack, May 15, 2017. http://www.localmemphis.com/news/fedex-one-of-many-organizations-targeted-in-worldwide-ransomware-attack/712658836
[5] NBCNews.com, European Car Plants Halted by WannaCry Ransomware Attack, May 15, 2017. http://www.nbcnews.com/business/autos/european-car-plants-halted-wannacry-ransomware-attack-n759496