On Friday, May 12, a cyber-attack was launched that affected over 300,000 computers in roughly 150 countries. The attack, a ransomware worm known as WannaCry, affected nearly every major industry; including healthcare, government, and privately-owned businesses.
The attack began in Europe and continued to spread across the globe, reaching targets in China, Japan, and even reaching across seas to the Americas. Once hit with WannaCry, the worm encrypts all the files on an infected device, prompting the user to pay $300 in order to regain access to their files.
Since the attack spread, the hackers are thought to have gained about $80,000 in bitcoins from WannaCry victims. However, that number is not expected to rise much higher, as many technology companies have already implemented measures to block the attack. In fact, Microsoft had already had a vulnerability patch in place in March, months before WannaCry was released.
So how was WannaCry able to affect hundreds of thousands of devices while there were already measures available to block the attack? The answer lies within an affected company’s technology infrastructure. While the patch by Microsoft was originally released in March for Windows XP systems, many businesses completely overlooked the upgrade. This left them wide open for an attack, making them easy targets with well-known vulnerabilities.
However, we cannot be so quick to blame the IT departments of the affected businesses, particularly those with complex technology infrastructures. For example, many health care service providers in the UK were affected due to a reliance on older versions of operating systems. This is due in part to the variety of third-party medical equipment that health care providers rely on to do their jobs. This equipment can often be difficult to upgrade or patch, and can only be replaced if the budget allows for it. In many cases, companies will choose to spend their dollars on other IT necessities.
What can businesses do to protect themselves from WannaCry and other similar cyber-attacks? Security experts state that the best way to combat these attacks is to keep your technology updated and your employees aware of potential threats.
A good way to gauge your company’s vulnerability is to perform a threat and vulnerability tests. These tests will give a company insight into how many employees would fall for an attack by sending out a fake phishing scam. Once the data is collected, a company will have a better idea of what kind of vulnerabilities they have, and how they can train their employees to avoid them.
Experts also suggest that companies keep as up-to-date on their software as possible, and urge them to consistently check for updates or patches. While an update might not seem imperative, hackers are constantly on the lookout for newly discovered vulnerabilities to exploit. By creating a consistent update schedule, companies can be sure that they are protected from future attacks.
Don’t have the time to constantly check for software updates? Not sure if your company is up-to-date with the best possible cyber security plan? Contact our security experts at Info Advantage by calling (585) 254-8710 today to talk about how you can protect your business’ assets.