WannaCry Ransomware – What You Need to Do to Reduce the Risk and the Impact

Last Friday, May 12, 2017, approximately 200,000 systems located in 150 countries were impacted by WannaCry ransomware attacks. WannaCry is being regarded as the most damaging ransomware attack to date because a large number of systems across a wide spread of geographical locations were impacted in a short amount of time.

How did it happen?

Attackers used leaked techniques for hacking the Windows OS that were created by the National Security Agency (NSA). The attacks exploited a Windows vulnerability for which a patch had been released in March 2017. Systems that were not patched were susceptible to the attack. Analysis of the motives for the attack and the attackers’ identities is ongoing, and there is various speculation about both.

Ransomware Analysis & Profitability

The attackers have earned a little more than $55,000 from the attack. However, Matthew Hickey, a researcher at London-based security firm Hacker House, analyzed the ransomware and determined that the attack wasn’t designed effectively. For instance, Mr. Hickey found that WannaCry lacked an automated process to verify payments through the assignment of unique Bitcoin (digital currency) IDs. As a result, at least one victim who paid the ransom has not yet received the decryption key. It also means that the hackers must manually determine which computers to decrypt, which is adversely affecting their profitability.

Prevention & Mitigation Safeguards

While the impact of the WannaCry attack is significant, the prevention and mitigation safeguards for this ransomware are no different from those for other ransomware. These safeguards are based on foundational cybersecurity elements, which are regarded as leading operational practices.

If your organization has been impacted by ransomware:

  1. Remove infected machines from the network and take backups offline as they may also get encrypted;
  2. Install appropriate patches to the infected machines;
  3. Activate your business continuity and incident response plans;
  4. Initiate cyber forensic analysis to support incident management activities (using either in-house personnel or external specialists);
  5. Coordinate with legal and related business units to appropriately manage the incident, and consider operational, legislative, and contractual requirements; and
  6. Notify authorities so that the incident can contribute to the global knowledge base about ransomware attacks.

Future prevention safeguards are as follows:

  1. Apply the latest version of patches to systems;
  2. Maintain current antivirus software;
  3. Conduct frequent backups and periodically test restoration procedures;
  4. Develop business continuity and incident management plans, and test them periodically;
  5. Maintain awareness of evolving ransomware characteristics and similar attacks to update procedures accordingly;
  6. Practice consistent cyber hygiene and cultivate a cybersecurity-conscious culture;
  7. Conduct Security Awareness Training periodically to include current trends, IT security tips, and year-round refreshers; and
  8. Exercise caution when opening links from emails, websites, or social media.

If inexperienced attackers were able to cause this much devastation with the WannaCry attacks, actual pros could certainly have inflicted a much more destructive campaign. Other ransomware attacks have been far more profitable and had longer tenures. As cybersecurity incidents continue to capture news headlines, some attackers have demonstrated a complete disregard for loss of life, damages, and operational delays. The WannaCry attack is a loud and inescapable alarm to organizations of all types to ramp up their defenses against ransomware because more of these attacks are certainly on the horizon.

Interested in learning more about how to develop effective ransomware safeguards for your organization? Check out our Ransomware Prevention & Safeguards presentation. Feel free to contact Aronson Technology Risk Services Group Partner Payal Vadhani to discuss ways to increase your organization’s resilience to ransomware attacks at 301.231.6236.

 

About Natasha Barnes

Natasha Barnes is an IT risk and compliance professional with a focus on IT audit readiness and remediation. She has led large scale remediation efforts for federal clients responding to IT findings from Financial Statement Audits. On these engagements, Natasha became well known for her diplomatic efforts in facilitating discussions with stakeholders across IT and Financial departments. She established an understanding of complex technical issues with these functional team members and helped them to collaboratively execute remediation plans. She has also been involved with establishing and facilitating continuous monitoring programs, which contributed to the closure and severity reduction of several IT findings. In addition, Natasha has experience with security risk analysis, disaster planning, and project management. She holds Certified Associate in Project Management (CAPM) and Certified Information Systems Auditor (CISA) credentials. Natasha has led teams in executing Office of Management and Budget (OMB) A-123 compliance assessments and she has contributed to a Statement on Standards for Attestation Engagements (SSAE-16) engagement. She also led a third party system audit readiness assessment based on National Institute of Standards and Technology (NIST) 800-53 in anticipation of upcoming audit scrutiny. Natasha has developed and instructed trainings for her clients and colleagues on subjects related to Financial Statement Audit IT protocol, Federal Information Security Management Act (FISMA), Federal Information System Controls Audit Manual (FISCAM), NIST, and OMB A-123.
