WannaCry Ransomware

WannaCry Ransomware (aka WannaCrypt aka WCry): what do you need to know?

WannaCry Ransomware Essentials

Most important points about this ransomware outbreak:

  1. It was patched for Windows 10 and 7 in March
  2. Most computers infected in Europe were running Windows XP
  3. Microsoft released a patch for Windows XP and 8 May 13th
  4. Antivirus vendors updated their software May 12th and 13th to protect against it
  5. If you have a good backup you’re protected.

WannaCry Ransomware Details

Where did it come from? In April, hackers leaked details about a tool that the U.S. National Security Agency was using to spy on computers. The tool was called EternalBlue and it used a vulnerability in Windows. Microsoft had already patched the vulnerability for still supported versions of Windows in March. Because of the outbreak in over 75 countries, Microsoft released patches for Windows XP and Windows 8 on May 13th.

How do you get WannaCry Ransomware? One of the companies infected in Europe has confirmed that the ransomware arrived via a phishing email. Once the ransomware is on the network, it scans for other vulnerable computers to infect.

The reason why the outbreak was so bad in Britain’s hospitals is that they’re still running Windows XP to support legacy hospital equipment.

How do you protect your business?

How do you protect your business from WannaCry and other ransomware?

  1. Patch every month
  2. Educate your employees about phishing emails
  3. Have a good backup
  4. Create a recovery plan

 

What about antivirus? By the time the antivirus software vendors updated their software, it was game over for all those hospitals in England. In fact the company that used to boost how it totally protected the NHS in Britain now has changed to their advertising to how they understand the security needs of NHS.

You can’t rely on antivirus to protect you from new threats. It only protects you from known, old threats. It’s not your first line of defence.