“This operating system has been locked for security reasons.”
Many online users are still being confronted with messages similar to this one. Malware called ransomware is to blame. The scam works by using malware to disable the victims’ computers until they pay a ransom to restore access. Cybercriminals often use social engineering tricks, such as displaying phony messages purporting to be from local law enforcement, to convince victims to pay up. Messages often include warnings such as, “You have browsed illicit material and must pay a fine.”
May 2017 has seen one of the biggest ransomware attacks in the UK and around the globe.
Organisations such as the NHS were brought to a standstill, high-end businesses stopped trading, customers were left not knowing where they could do business, and the country began to wake up to a serious, known threat to the way we operate.
At one point WannaCry was spreading around the world at a rate of 1,000 infections a minute; companies and IT teams struggled to cope, and many failed.
Schedule of Initial Attack
The attack appears to have started at approx. 08:00 GMT Friday 12th May with the breach of a number of large corporate organisations across the world.
First incidents started to be reported at 10:00 GMT within UK NHS organisations.
There is currently no evidence that the attack spread via email.
The attack used EternalBlue, an exploit for a vulnerability in Microsoft Windows, which allows the attacker to spread the attack rapidly and automatically through an organisation’s network.
The EternalBlue exploit was released by a group known as “The Shadow Brokers”.
At 16:00 GMT Friday 12th a security researcher registered a kill switch domain; this caused any new infections to terminate without encrypting the files.
Impact of Attack
The WannaCry ransomware encrypts all local and shared files that the user can access; it also removes the shadow copies to make data recovery more difficult.
This attack was able to automatically spread across networks without user intervention.
There is currently no known weakness in the encryption used by the ransomware.
Companies should remain in a high state of readiness, as Aonix Limited expects ‘copycat’ attacks to take place over the coming days and as intelligence grows.
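The removal of shadow copies described above is behaviour a defender can alert on. The following Python example is added here and is not part of the original article; it scans process-creation events for built-in Windows utilities that delete shadow copies or backup catalogues, and the log format, host names and events are constructed for illustration.

```python
import re

# Built-in Windows utilities that can delete Volume Shadow Copies or backup
# catalogues. Administrators use them too, so a hit is an alert to triage.
PATTERNS = {
    "vssadmin delete shadows": r"\bvssadmin(\.exe)?\s.*\bdelete\s+shadows\b",
    "wmic shadowcopy delete": r"\bwmic(\.exe)?\s.*\bshadowcopy\b.*\bdelete\b",
    "wbadmin delete catalog": r"\bwbadmin(\.exe)?\s.*\bdelete\s+catalog\b",
}
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in PATTERNS.items()}

# Constructed sample events (assumed format): time|host|user|parent|command line
SAMPLE_EVENTS = """\
2017-05-12T10:02:11Z|WS-014|jsmith|explorer.exe|"C:\\Program Files\\Office\\winword.exe" report.docx
2017-05-12T10:03:40Z|WS-014|jsmith|unknown.exe|cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete
2017-05-12T10:03:58Z|WS-022|akhan|unknown.exe|cmd.exe /c vss^admin.exe Delete  Shadows /All /Quiet
2017-05-12T10:05:02Z|SRV-BKP|svc_backup|taskeng.exe|vssadmin list shadows
2017-05-12T10:06:30Z|WS-031|mlee|unknown.exe|wbadmin delete catalog -quiet
malformed line without separators
""".splitlines()

def parse_event(line):
    """Split one pipe-delimited event; the command line may itself contain '|'."""
    parts = line.split("|", 4)
    if len(parts) != 5:
        return None  # skip malformed records instead of crashing the scan
    return dict(zip(("time", "host", "user", "parent", "cmdline"), parts))

def find_shadow_copy_deletions(lines):
    """Return one alert per event whose command line matches any pattern."""
    alerts = []
    for event in filter(None, map(parse_event, lines)):
        # Carets (the cmd.exe escape character) and quotes can split keywords,
        # so strip them before matching.
        normalised = event["cmdline"].replace("^", "").replace('"', "")
        hits = [name for name, rx in COMPILED.items() if rx.search(normalised)]
        if hits:
            alerts.append({**event, "techniques": hits})
    return alerts

def hosts_by_first_alert(alerts):
    """Map each host to its earliest alert time, to show spread across the network."""
    first = {}
    for a in alerts:
        first[a["host"]] = min(a["time"], first.get(a["host"], a["time"]))
    return dict(sorted(first.items(), key=lambda kv: kv[1]))

if __name__ == "__main__":
    for host, when in hosts_by_first_alert(find_shadow_copy_deletions(SAMPLE_EVENTS)).items():
        print(when, host)
```

Alerts from several hosts within minutes of each other, as in the sample, match the pattern of an attack spreading across a network without user intervention.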
What is WannaCry?
WannaCry is a ransomware variant that was used in the attack that took place over the weekend starting on May 12th. You might also hear it referred to as WannaCrypt, WanaCrypt0r or WCRY. These are all the same thing.
Common Types of Ransomware
Locker Ransomware: denies access to the computer until the victim pays a fee, often by posing as law enforcement to spook users into paying. This type of ransomware normally only locks access to the interface, leaving the files and system untouched.
Crypto Ransomware: finds and encrypts valuable data stored on a computer or device, then demands that the victim pay a fee for a decryption key. Once it gains access to a device, it tries to remain hidden whilst searching for files to encrypt. This type of ransomware takes advantage of the fact that many people don't back up their important files.
According to reports by IDG Connect, 46% of IT decision makers say their organisation has been ‘significantly’ affected by malware, including ransomware and phishing.
How To Protect Yourself
The first step in defending against malware, ransomware and other email-based scams is to back up all your critical information. If you find yourself on the receiving end of a threatening extortion message, you'll know your data is safe and you won't have to pay any unnecessary ransom demands.
The next step is to educate your employees, because they are more likely than anyone to accidentally click on malicious links that could hold your entire organisation to ransom. The best way to raise their awareness is through specific training courses.
Despite the huge rise in ransomware, phishing and whaling, it's easy to start protecting your organisation and educating your employees to defend against these threats.
Our specialists help organisations navigate the complex and fast-paced IT security market, offering a full roster of security solutions to help mitigate risk.
We cover the traditional areas of Firewall, Email Security, Web Security, Security Information and Event Management, Data Leak Prevention, Cyber Threat Prevention, Identity Management, Authentication, End Point Security, as well as numerous other solutions.
Cyber Security Services and Threat Assessment
Information and cyber security is a strategic imperative for organisations of all sizes.
Our security assessment and testing services help customers to understand how cyber secure they are, what vulnerabilities and risks exist in their security posture and what steps they need to take to become more cyber resilient.