WannaCry ransomware
WannaCry ransomware: It’s being called the worst cyberattack in history.

Since Friday, a global cyberattack has been underway, affecting over 200,000 organizations in 150 countries. WannaCry ransomware uses a flaw found in Microsoft’s Windows software, discovered by the National Security Agency (NSA) and leaked by hackers, to spread rapidly across networks. The attack disrupted organizations across the world, including Britain’s National Health Service, FedEx, Nissan, and Deutsche Bahn, causing unanticipated downtime.

An anonymous security expert managed to stop the attack Saturday by triggering a “kill switch.” However, experts warn that the remedy may only be temporary and that WannaCry, or variations of the ransomware, could spread to affect additional organizations. In fact, Proofpoint, a US-based cybersecurity firm, warned Wednesday that another large-scale, stealthy cyberattack called Adylkuzz is underway that could dwarf last week’s assault on computers.

Ransomware is malicious software that blocks access to data. Victims receive a message demanding payment and the information is scrambled until the ransom is paid. Typically the price increases over time until the end of a countdown when the files are destroyed. Unfortunately, there is no guarantee that access to the data is returned after payment.

Last year, the University of Calgary experienced a ransomware attack and paid the demanded $20,000 one week after the initial attack. Not all files were recovered.

What is WannaCry?

WannaCry ransomware is a specific program that locks all the data on a computer system. It tells computer users that their files have been encrypted and gives them a few days to pay up, warning that their files will be deleted otherwise. The software demands payment in bitcoins and has asked for $300 per attack, with that amount doubling after three days if not paid.

How to protect yourself against ransomware attacks

The best protection against ransomware attacks is to have all files backed up in a completely separate system. This means that if you suffer an attack you won’t lose any information to the hackers.

Antivirus software is not an effective method to stop ransomware as ransomware infiltrates computer systems through compromised emails and websites.

For example, hackers could send an employee a phishing email that looks like it comes from their boss asking them to open a link. But it actually links to a malicious website that secretly downloads the malware onto their computer.

Security company Symantec says that ransomware attacks alone jumped by more than one-third to over 483,800 incidents in 2016. And that’s just the ones they tracked.

What to do if you’re a victim – should you pay the ransom?

Victims are advised to never pay the ransom as it encourages the attackers. Even if victims do pay, there is no guarantee that all files will be returned to them intact. Instead, the best thing to do is to restore all files from a backup. If this isn’t possible, there are some tools that can decrypt and recover some information.

How to prepare your business for ransomware attacks?

Here are some preventative steps you can take:

  • Update your Windows Operating System: Immediately run Windows Update and install all critical updates including the Microsoft fix MS17-010.
  • Be aware of suspicious emails, links, and attachments: Should you receive an email message, link, or attachment from an unknown sender, do not open it and delete it immediately.
  • Anti-virus/Anti-malware software: Ensure you have anti-virus/anti-malware software installed on your computer and that it is up to date.
  • Backup often: It is extremely important to have a solid backup solution (on and off-premise) in place and to confirm that backup jobs are completing successfully.
  • Do not pay the ransom: If you are infected, there is no guarantee that your data will be decrypted if you pay the ransom.
  • Public Wireless networks: Do not use unknown public wireless networks that do not require a wireless key or prompt for a disclaimer prior to using. Example: Starbucks requires you to agree to conditions prior to use.


Michael Silbernagel, BSc, CCSP, CISSP

Senior Security Analyst

Michael is a lifelong technology enthusiast with over 20 years of industry experience working in the public and private sectors. As the Senior Security Analyst, Michael leads the cybersecurity consulting and incident response (CSIRT) teams at SysGen; he is the creator of SysGen’s Enhanced Security Services (ESS), our holistic and comprehensive cybersecurity offering that focuses on people, technology, policy, and process.