If you were one of the 300,000 companies across 150 countries that got hit with the WannaCry ransomware attack, well, the name is very appropriate. Designed to encrypt all the data files on the infected computer so owners cannot access their files, the ransomware then demands payment to decrypt the data.
The WannaCry attack started spreading on May 12, 2017. It exploited a bug in older versions of the Microsoft operating systems (Windows XP and Server 2003) called EternalBlue to spread the ransomware and encrypt data. Microsoft did provide a patch in March, but a patch only works if you install it. For many firms, updating and testing their software is costly and time-consuming, but in this case, there was a price to pay.
The WannaCry hackers only netted $71,000 before one cybersecurity expert was able to shut it down, but not before affecting the Spanish telephone company Telefónica, French carmaker Renault, Russia’s Interior Ministry, several UK hospitals, and many others. In June, the WannaCry attack was followed by the Petya virus, which affected companies like advertiser WPP, food company Mondelez, and Danish shipping firm Maersk. So, rather than just gathering personal information to steal your identity, it seems that the new game in cybercrime is to profitably hold businesses hostage.
What to Do About Petya
Guardian reporters Olivia Solon and Alex Hern explain in their recent article that “the ransomware infects computers and then waits for about an hour before rebooting the machine. While the machine is rebooting, you can switch the computer off to prevent the files from being encrypted and try and rescue the files from the machine.”
If you see the ransom note on the computer, Ms. Solon and Mr. Hern advise against paying the ransom. Instead, they offer the three recommendations below:
- Disconnect your PC
- Reformat the hard drive
- Reinstall your files from a backup
This scenario is something we all dread, and we need to avoid the problem in the first place. I like these six simple (or not so simple) steps from Rob Mitchell, President of ASG Information Technologies:
1. Install all critical operating system patches, keep your software up to date, and perform proactive routine maintenance on your network.
2. Limit employee access to non-work-related websites.
3. Strengthen passwords (a minimum of eight characters, with both lowercase and uppercase letters, symbols, and at least one number).
4. Have multiple backup locations, including an imaged backup with a disaster recovery plan.
5. Monitor and maintain a managed business-class firewall.
6. Train employees to:
- Watch for and avoid illegitimate WiFi in public spaces
- Watch out for phishing emails that trick you into divulging personal information
- Recognize social engineering email schemes (when the email pretends to be from someone you would normally trust)
- Understand and sign an acceptable use policy that details what an employee can do and not do on work devices or work-related items on personal devices
These steps are all reasonable and manageable. While there is some cost, the added insurance against a cyberattack is well worth it. It might be too expensive or too low of a priority—until you need it. Just ask any of the companies hit by WannaCry and Petya.