Security - May 15, 2017

What you need to know about WannaCry ransomware

Ransomware continues to be one of the most popular threats in the wild today, especially to large organizations with both valuable data and legacy systems hidden unpatched in the cracks and corners of their networks.

Businesses and citizens around the world recently became acutely aware of the concept of “ransomware,” thanks to WannaCry – the most notorious example of this ever-more-prevalent online threat. Be sure to read these two great resources to better understand what WannaCry and ransomware are and what you can do to defend against them:

Rogers security partner Trustwave has written an informative post on their SpiderLabs blog that will help IT and Information Security managers prepare for ransomware.

We also sat down with Stewart Cawthray, Senior Director of Enterprise Security Products & Solutions for Rogers Enterprise Business Unit, to better understand what you can do to minimize any potential harm from WannaCry or other ransomware campaigns.

What is ransomware?

Ransomware is a form of malware (malicious software) that uses encryption to lock users out of their computer or mobile device or prevent them from accessing data on them. It then demands payment, usually in the form of Bitcoin or another untraceable currency, for release of the codes required to decrypt the data. There are thousands of different forms of ransomware circulating. This form of attack is growing in frequency due to its high rate of return and low investment on the cybercriminals’ part.

Ransomware is a form of malware (malicious software) that uses encryption to lock users out of their computer or mobile device or prevent them from accessing data on them.

And what is WannaCry?

It’s the name given to the variant of ransomware which has perpetrated the recent attacks. It targets Microsoft Windows systems.

How does Ransomware compromise systems?

Attackers can distribute ransomware using:

  • malicious links in emails or websites
  • malicious attachments in emails and/or
  • compromised websites or social media accounts.

Ransomware uses unpatched vulnerabilities in an operating system or applications to take control of the computer, encrypt the data and hold the system or data hostage. No operating system is immune. Ransomware exists for Windows, Mac, Android and iOS.

How can users and business protect themselves?

Running anti-malware software and applying software patches to operating systems and applications as soon as possible will close the vulnerability the malware is trying to exploit. “WannaCry,” for example, uses a vulnerability which Microsoft provided a fix for in March of 2017.

Running anti-malware software and applying software patches to operating systems and applications as soon as possible will close the vulnerability the malware is trying to exploit.

Frequent data backups will ensure that you will lose only the data created since your last backup.

What can I do if I’ve been infected by ransomware?

In this situation, there is nothing any security provider can do to recover the data without the encryption keys from the attacker. The company or person will need to restore a current backup or pay the ransom to recover the data. Law enforcement usually cannot or will not assist with ransomware attacks on an individual basis. They are, however, usually engaged in a broader way by tracing the origin of the attack.

If I haven’t been infected, what can I do to prepare for a malware attack such as ransomware?

Ransomware is a serious cyber threat which is impacting business of all sizes. Rogers can help. Learn more about Rogers Threat Management services today.

Read the blog from Trustwave below: