The WannaCry cyber-attack has been in the forefront of the news headlines worldwide. WannaCry has infected over 200,000 machines to date. Over 150 Countries and organizations such as FedEX, Nissan and Renault were infected.
WannaCry - what is it?
WannaCry is a virus in the ransomware family. Ransomware is a type of malware that prevents or limits users from accessing their files by locking them for ransom. The modern ransomware families use cryptography to encrypt their files and have been dubbed crypto-ransomware. The WannaCry malware falls into the crypto-ransomware family. The cyber criminals responsible for the malware will supposedly release your files once you pay the ransom.
Is Ransomware and WannaCry a new type of attack?
WannCry is not a new type of malware attack and ransomware has been around for close to 20 years. The first recorded instance of ransomware was in 1989. There have been numerous ransomware attacks since then. Over the years, we have seen the likes of CryptoLocker, CryptoWall, Locky, Gpcode, Petya, Cerber and many more.
Is Ransomware common?
Ransomware is a very common occurrence. Over the past 12 months nearly 50% of organizations have fallen victim to a ransomware attack. Ransomware is not going away anytime soon. Here is a look at Ransomware statistics for 2016:
• Ransomware emails spiked 6,000%
• 40% of all spam email had ransomware
• 59% of infections came from email
• 92% of surveyed IT firms reported attacks on their clients
• Infections hit 56,000 in a single month
Should you pay the Ransom?
No. Police and security agencies warn computer users against paying ransoms. Paying encourages criminals to launch further attacks. In regard to the WannaCry attack, you should definitely not pay. Analysis of the WannaCry malware code shows that there is no way for the cyber criminals to determine that you actually paid the ransom. There also does not seem to be any real working decryption method in the code. So, what about the free decryption option? This decryption function picks 10 files at random at the time of encryption and stores the decryption key for these 10 files. There does not appear to be a way for any other decryption keys to be used. Therefore, there is no reason to believe anyone will get their files back.
How can you protect yourself from Ransomware?
• First make sure your machines are patched and up to date.
• Block users from being able to execute the malware
• Utilize Intrusion Protection Systems. They can prevent infections from the outside as well as the inside.
• Limit end users access to mapped drives at the very least restrict their permission levels.
• Last but not least deploy and maintain a comprehensive backup solution.
Beringer Technology Group is always here to provide expert knowledge in topics like these. Contact us today for any questions you may have.