On Friday, May 12th, tens of thousands of ransomware attacks struck more than 74 countries, including the United States, within hours. This unprecedented ransomware attack crippled a number of UK hospitals, where staff were unable to access patient records and appointments because their files were taken hostage. The ransomware infection has continued spreading, though by Monday, May 15th, there were reports that it was slowing down.
This ransomware strain, called “WannaCry” (and other names), takes advantage of a Windows vulnerability (a flaw in the Microsoft SMBv2 network protocol) for which Microsoft released a patch in March. However, older systems still running the deprecated Windows XP operating system do not benefit from that patch, and many systems had not applied the patch when it became available. On March 14th, Microsoft released patches for out-of-date operating systems in order to slow the outbreak.
WannaCry renames files with the “.WCRY” extension and asks for a ransom of $300 in Bitcoin to unlock the files.
There is no way to decrypt the files without paying the ransom, and there is no guarantee that systems will be restored if the ransom is paid. Organizations affected are urged to restore their systems from backups.
This ransomware attack has been an unprecedented, crippling global event, and it isn’t over yet.
What should you do to protect yourself and your business?
First and foremost, be vigilant in securing your systems, including applying all patches and updates promptly.
A reliable backup and disaster recovery solution remains the best and most effective defense against ransomware attacks. If you are hit with ransomware, restoring your system and data from fresh backups is the only way to recover without paying the ransom.
And finally, people should be cautious when opening emails and attachments (particularly executable files and zipped files). Employees can greatly benefit from IT security awareness training on how to recognize threats and suspicious activity.