In mid-May 2017, the biggest ransomware attack in history targeted many hospitals, FedEx, and various other businesses around the world. Most of the infected computers were running outdated Microsoft Windows operating systems. The so-called WannaCry worm encrypted the files on the affected computers and then demanded a ransom. The price for decrypting the files was a few hundred dollars. How did this incident affect companies?
What Is Ransomware?
Ransomware is malicious software that blocks access to data on a computer. It uses flaws in the operating system to do so. It then demands a ransom, mostly in the cryptocurrency Bitcoin, in exchange for restoring access to the data.
However, during the latest attack, in most cases paying the ransom did not help to recover the encrypted data. In general, paying a ransom does not guarantee the desired outcome. The best solution is to keep all data backed up in a secure location or on a secure server so that it can be restored. Furthermore, paying a ransom may encourage more cybercriminals to get involved and make “easy money”.
Ransomware is on the rise, and for the criminals behind it the future looks very promising, especially with all devices increasingly connected to the internet. Up to 40% of all businesses have experienced an attack in the past year and more than one third lost revenue as a result. It is a very profitable model, albeit illegal.
Recent Ransomware Targets
During this particular attack, the top targeted countries were Russia, Ukraine, and Taiwan. Up to 200,000 victims in more than 150 countries were affected by the ransomware attack. They included high-profile targets such as the British health care system and Russia’s central bank. Germany’s rail network was also hit during the ongoing worldwide attack: Deutsche Bahn computers were infected and a ransom was demanded. Most recently, British Airways’ computer system went down. Even though a BA official denied any hacking, this might not be an unimaginable scenario for future hackers who might aim to disrupt important infrastructure or power plants.
Microsoft, NSA and Cybercriminals
Interestingly, the exploit for this particular weakness in the Microsoft operating system was initially developed by the National Security Agency (NSA) and later revealed by an anonymous hacking group called Shadow Brokers. The attackers themselves remain unknown. Even though Microsoft released a patch weeks before the attack, many users did not update their operating systems, so the hackers were able to exploit the unpatched flaws. Eventually, the attack was stopped accidentally by a “malware analyst expert who calls himself MalwareTech”.
What Can You Do To Stay Protected?
The problem is that some people wait too long to update their operating systems, or have illegal or obsolete versions that do not support updates. Others, for example many hospitals, do not have the budget for new IT equipment and are using outdated versions, such as Microsoft Windows XP.
The easiest way to stay protected is to keep the computer up to date. Do not connect to public Wi-Fi networks, do not click on links in phishing emails from unknown senders, and do not send passwords or sensitive data over email. And finally, update your anti-virus programs.