What You Need To Know About The Wannacry Ransomware Attack

On May 12, the release of the WannaCry ransomware attack began infecting computers worldwide. More than 150 countries were affected and a total of 75,000 ransomware attacks were reported. This attack is being billed as the largest attack ever, and is bringing the topic of ransomware into the spotlight.

As you may know, ransomware is a form of malware software that “kidnaps” access to your network, applications, or data until a certain amount of money is paid by the victim.

What makes the WannaCry ransomware attack unique (outside of the 4,000 attacks that happen every day) is that it is targeting older Microsoft Windows operating systems. “It is spread through an alleged NSA exploit called ETERNALBLUE that was leaked online last month by the hacker group known as The Shadow Brokers. ETERNALBLUE exploits a vulnerability in the Microsoft Server Message Block 1.0 (SMBv1) protocol,” explained a recent Fortinet post.

[Related:Ransomware: Is Your Orgainzation Prepared?]

As Fortinet explained, the attack took advantage of organizations that failed to update their Microsoft Windows patch in March. Those organizations were served with a ransom demand for $300 to start, with increases there after. Normally, ransomware attacks start from someone clicking on a phishing email attachment or link, but this attack automatically infected devices and networks that didn’t have the patch installed without any end-user interaction.

The popularity of this attack has organizations across the globe looking for protection. We’ve detailed a few tips you can start implementing today to protect your network:

What you can do to Protect Yourself

The following Microsoft products are at risk:

  • Windows XP
  • Windows Vista
  • Windows Server 2003
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008 R2
  • Windows 8.1
  • Windows Server 2012 and Windows Server 2012 R2
  • Windows RT 8.1
  • Windows 10
  • Windows Server 2016
  • Windows Server Core installation option

Fortinet provided the following tips:

If you need to, apply the patch published by Microsoft on all affected nodes of the network.

If your organization has been affected by ransomware, here are some things to do:

  • Isolate infected devices immediately by removing them from the network as soon as possible to prevent ransomware from spreading to the network or shared drives.
  • If your network has been infected, immediately disconnect all connected devices.
  • Power-off affected devices that have not been completely corrupted. This may provide time to clean and recover data, contain damage, and prevent conditions from worsening.
  • Backed up data should be stored offline. When an infection is detected, take backup systems offline as well and scan backups to ensure they are free of malware.
  • Contact law enforcement immediately to report any ransomware events and request assistance.

In addition to Fortinet’s tips, Microsoft also released a security update to all of their customers running Windows XP, Windows 8, and Windows Server 2003, to help protect them against the WannaCry attack. In response to the attack, Microsoft also wrote a piece about what the next steps are for everybody involved to help prevent an attack like WannaCry from happening again.

Steps to Ensure You're Prepared

However, it’s not enough to just be reactive. Your organization needs to be proactive in how it approaches ransomware. Here are our eight steps to ensure your organization is prepared for an attack:

  1. Employee awareness: Educate your employees on how to identify phishing emails, malware, and ransomware. The number one element to ransomware’s success is the human element. Continuous education and testing of employees’ understanding through internal phishing campaigns are crucial pieces to the ransomware solution.
  2. Back up regularly: Make sure you’re backing up data on a regular basis, to ensure that the backups are operating as planned and can be efficiently restored.
  3. Have a plan: Having a plan in place is essential for preparedness. This plan should thoroughly lay out response and solution details, should your organization fall victim to an attack.
  4. Update and patch regularly: Make patches and updates on your system, software, and firmware a frequent occurrence. Read our post for more information on updates and end of life support dates.
  5. Limit administrative access: Don’t allow employees to have administrative account access. This will restrict what a ransomware attack could potentially infect.
  6. Have software restrictions: Prevent ransomware attacks from infiltrating and running common programs with a software restriction policy, or put access controls in place.
  7. Eliminate macros: Macros automatically perform frequent tasks, but they can be disabled. Disabling macros will ensure malicious content doesn’t automatically load.
  8. Block internet ads: Many third-party ads have some type of malware. It’s best to avoid the risk by disabling all internet ads on devices.

Don't Pay the Ransom

Whether it’s your organization that gets infected or a home computer, the impact of ransomware can be devastating. You can permanently lose important and private information, you can expose critical flaws in your organization, impact your reputation, and potentially lose a lot of money. However, even if you pay the ransom, it doesn’t guarantee that you’ll get the data back. The FBI recommends that you don’t pay the ransom, because it will only encourage cyber criminals and keep ransomware attacks thriving.

The WannaCry ransomware attack reinforces the need for organizations to pay closer attention to their systems.

Additional Resources:

Is your organization prepared for a ransomware attack?

Cybersecurity Infographic Stats

Ben Killion

Ben Killion is an Account Executive at Aureon, where he is a relationship builder, strategic customer advocate, and results-oriented professional. Ben has been working in the technology industry for seven years, focusing on leveraging technology to help clients meet their business goals.


May 18, 2017

Posted by

Ben Killion


Sign up to receive the Aureon Weekly Update.