Blog

The ‘WannaCry’ Ransomware Attack

It was a global cyber-attack on an unprecedented scale. The attack, which started in mid-May, affected 200,000 organisations across 150 countries.

In the UK, it was 47 English NHS Trusts that bore the brunt of the attack, with operations cancelled and patients turned away from A&E departments.

The WannaCry ransomware used a flaw in Microsoft’s software and was only stopped by a security expert triggering a ‘kill switch’. Even though the attack was stopped within 24 hours, the damage it had done was catastrophic.

A Rising Trend

Amongst hackers, ransomware has become a rising trend. It is a form of hacking in which a ransom if demanded in order to ‘release’ the system from their grip. Hackers are looking for quick payment and some people and institutions have been known to pay the ransom which can range from a few hundred pounds to thousands.

Hackers ‘block’ a PC or a network of computers by first downloading a malicious type of software onto the system. This is often done by sending the intended victim a link and enticing them to click on it.

Once they have done this, the hacker then begins to lock the files on the PC. This is a gradual process and not one that the user would recognise as their PC tends to run as normal for some time.

But, eventually the system will such down and the ransom bid made. Hackers normally ask for the ransom in Bitcoins, the crypto currency.

What did WannaCry do?

The Wanna Decryptor, which we know as WannaCry, was a specific ransomware program. It locked all the data on the computer system, leaving the user with two files: instructions on what to do next and the Wanna Decryptor program itself.

The Solution

A young security expert identified that the kill switch for the ransomware was a deceptively simple one.

When the ransomware attacked a new PC, it sent the details to a web address. It is programmed to terminate itself it manages to get through. The security expert purchased the domain name, meaning the ransomware would connect and thereby terminate itself.

The kill switch web address cost less than £10.

Protecting your PCs and network from ransomware attacks

Paying the ransom, say experts, should never be an option. There are hundreds, if not thousands of ransomware attacks daily and so if everyone paid the ransom, the hackers would be making a lot of money.

The solutions are many;

• Get a professional security company involved, ensuring that your network security is top notch – and regularly updated.
• Regular and daily back-up is essential too because this way, you still have access to your files. Experts say that there are times when files have not been returned to victims intact, even after they have paid the ransom.
• Avoid opening emails and attachments that look suspicious but take care, because emails and links etc. are becoming more sophisticated and true-to-life. This means they can be difficult to spot. Always question where it has come from and why a company, bank or other organisation would be sending you and email, with a link or file attached.
• Training your staff in security threats is important too but remember, ransomware attacks and malicious software change all the time – training last year is now defunct as the threats have developed and moved on.

Please contact Clyde Solutions to discuss your IT security.