WannaCry cyberattack is an important wakeup call for businesses
In mid-May, computer users across the globe booted up to an unfamiliar-looking red screen.
A lock symbol was in the upper left corner, next to the headline “Ooops, your files have been encrypted!”
A description on the page the explained that users needed to pay $300 to regain access to their files. If they didn’t, the files would be deleted forever.
The ransomware attack locked hundreds of thousands of computers across the globe. It caused hospitals in Britain to cancel surgeries. It delayed trains in Germany. It locked up computers at Spanish communications giant Telefonica.
Experts dubbed the attack “WannaCry” and estimated it was the largest cyber attack ever orchestrated.
If there was a silver lining, it was that there were relatively few WannaCry victims in the United States. However nothing but luck is responsible for the attack missing companies and institutions here. The same vulnerabilities that WannaCry exploited internationally are present in many businesses in Missouri and across the country.
WannaCry is believed to be based on an exploit developed by the U.S. National Security Agency. It uses a worm to self-propagate to different Microsoft Windows computers running on the same network.
Somehow, this government-developed exploit made it into the hands of hackers and formed the basis for WannaCry.
Fortunately, the NSA was aware that the hack was in the wild. In March, Microsoft released a security update to patch the vulnerability. However many users, and especially business users, skipped the Microsoft security patch, leaving them vulnerable to WannaCry.
One troubling thing is that if computer users would have simply applied the freely-available patch, WannaCry would have never spread.
Another frightening aspect of the WannaCry attack is that it appears the hack was created by amateurs. The malicious coders made a fairly glaring error in their program that allowed it to be shut down before it spread further.
It’s estimated the hackers received $50,000 in ransom payments. This success will certainly inspire more experienced hackers to pick up where WannaCry left off. Next time, it might be much harder to stop and it could spread much further.
This should be a major concern for organizations everywhere. Businesses tend to be most at risk for these attacks because they often have numerous computers networked together. Unless each computer terminal is being actively managed and updated, the network is at risk.
The most important thing a business can do is be proactive against cyber threats. Make sure that every computer is up to date and running the latest security patches.
If this is too much for you or your staff to manage alone, you should looking into hiring a knowledgeable information technology consultant, such as Huber & Associates, to make sure your computers — and your business — don’t fall victim to the next big attack.
The team at Huber & Associates is an IBM Premier Business Partner. We use proven technology, such as IBM QRadar, BigFix, MaaS360, and Guardium to implement sound cybersecurity solutions.
If you would like more information, visit us online at teamhuber.com or call us at 888-634-5000.