Ransomware is a very damaging threat to our digital world. Your digital files can be held hostage by this kind of malware, often for large sums of money. But the worst thing is there is no guarantee you can recover your files.
So what does this mean for businesses? And how bad was the recent attack, known as WannaCry?
The WannaCry ransomware functions mostly like any other kind of ransomware once it infects a computer.
- NSA Discovers exploit for Windows machines.
The WannaCry virus was initially based on an exploit uncovered by the NSA. The exploit allowed the remote operation of nearly any program or operating system by remote. If it connected to the internet and ran Windows, it was exploitable.
- Hacker Group “Shadow Brokers” leaks documents from NSA, including details on exploit.
The group leaked the documents in the name of transparency, showing the world what organizations like the NSA are capable of. The data on the exploit was locked away on an NSA server to be used for future covert reconnaissance and data gathering. When the documents were leaked, the virus details went with it, and cybercriminals jumped at the chance to use them.
- Cyberthieves use the exploit and set up a code to victimize many people.
It quickly encrypts all of your files then deletes any backups. After that, the computer owner gets a message saying that they can receive a decryption password after paying the cyber thieves ransom money, which is usually about $300 USD worth of BitCoin. If the victim doesn’t pay within 72 hours, the price doubles. A few days after that, the files are permanently locked.
- The virus spreads by email.
The victim to open or download an attachment from an email. This is seen in situations like the Locky virus, where the victim receives an email, downloads the attachment, and the attachment automatically runs a script, encrypting all the data on the computer.
- “Malware Tech Blog” stops the spread of the virus through a lucky break.
A writer for Malware Tech Blog, who wished to remain anonymous but has since been compromised, discovered a killswitch for the virus. Embedded within a website, he purchased the domain as soon as it became available, stopping the spread of the virus.
As of this point, more than 200,000 computers have been attacked across 150 countries. Victims have paid about $70,000 in ransom to retrieve their files. If your files were encrypted, it would be best to wipe your hard drive and restore data with backups. Paying the thieves only emboldens them to do this again.
Am I at Risk of Infection?
In corporate networks, the virus would easily spread via file sharing systems. Company intranets and servers that are used for the day-to-day business of a company could receive an infection from one computer. But if that computer is networked to all the other computers within the building, all of them will become infected. That is how the virus spread so quickly.
Some of the most vulnerable systems include:
- Corporate offices
- Telecom Companies
So what can you do?
- Update Windows
Update everything. Computers, laptops, game consoles, even cars and coffee pots run windows. The operating system is everywhere. Microsoft has released a patch for all devices running Windows, including “unsupported” devices, such as old operating systems, MRI machines, and others. This patch prevents the exploit from being used against you.
- IT Security
Personal computers should have antivirus software that is up to date. Business owners with networked computers need to invest in IT security. A managed IT security firm will add encryption to your network, as well as firewalls and provide support to protect your business and data.
- Backup Everything
As part of a managed IT service, you can back up all of your data and store it in an off-site server. In the event you do experience data loss, whether due to a virus or hardware failure, this backup can get your business running again with minimal delay.
There are variations of the virus out there that could still be spreading, so do everything you can to protect your data.