Security, Part 10: WannaCry and the next generation of ransomware

June 7, 2017


Last month, WannaCry ransomware infected over 350,000 computers in 150 countries, causing havoc across the healthcare industry. In an earlier article, we looked at how to avoid getting infected by ransomware like WannaCry. In light of this recent attack, we thought we’d provide updated information on how to prevent such attacks, and what to do if and when you get hacked.


Back up like lives depend on it

Because the healthcare industry was hit so hard by the virus, WannaCry literally put lives at risk. The problem is, once you’ve been hacked and your data has been encrypted, it’s gone. Period. All your patients’ data: gone. And for most facilities, it’s not just your data you have to worry about. Your entire network can—and most likely will—be shut down. All of your purchasing, payment, HVAC, manufacturing, physical security systems, phones…your entire facility can be shut down.


Your best bet is to reinstall everything from backup. That means you have to constantly back up everything—every day (or more frequently, if you’re in healthcare). Keep your backups offline on a separate network with different credentials and operations. That way, if you are hacked, you can quickly restore your system and move on.


Upgrade your operating system and anti-virus software

Unlike other viruses, which spread through phishing schemes or via careless employees, WannaCry spread to computers by exploiting a vulnerability in older versions of Microsoft Windows. Even the most vigilant employees would have been unable to stop the virus. Microsoft issued a patch to fix the vulnerability two months before the attack, but many computers had not applied it yet. So, in this case, companies that had upgraded to newer versions of Windows and/or applied the patch in time were spared the effects of this virus.


Make your employees paranoid

This can’t be stressed enough. Even though WannaCry was not spread via careless employees, most ransomware is. Train your employees how to best avoid falling for phishing schemes. Then, train them again.

  • Do not click on unknown links
  • Do not insert unknown USB drives
  • Do not open emails from unknown people
  • Do not open attachments unless you specifically requested them

However, even if you have the latest software and you do everything right, you’re still not in the clear. Hacking methods are getting more sophisticated. WannaCry was spread by a worm called EternalBlue, which is believed to have been developed by the NSA. So the question isn’t what to do if you get hacked, but how to deal with it when you are hacked and your data is held ransom.


Do NOT pay the ransom

WannaCry promised to release your data if you paid $300 to a Bitcoin account. Given that entire companies and health clinics were down, it’s no wonder that people just paid the ransom. But experts agree that paying the ransom is no guarantee that your data will be released, and it’s just fueling the fire: the more people pay hackers, the more the business of hacking thrives.


Shut down your computer

If (or when) you get the dreaded “Oops! Your data is encrypted” message on your screen, the first thing you should do is disconnect your computer from the network and shut it down. Contact your IT department and make sure a notification is sent out.


Notify the FBI

Once the threat is contained, contact the FBI’s Internet Crime Complaint Center.


Hacking isn’t going to go away. Your best bet is to stay alert, update your software, train your employees, back up your data, and hope for the best. For more information on protecting your computer data, contact Vanguard Resources.