What you need to know
Ransomware is malicious software that locks your data until you pay a “ransom” to retrieve it. Last week, to the terror of many business owners, WannaCry ransomware spread rapidly to over 150 countries, leaking tons of data and rendering many banks, hospitals, universities, and governments helpless against encryption. WannaCry’s asking price? $300 in Bitcoin, a price that doubles if no payment is submitted within 3 days. But the FBI cautions that, regardless of the amount you sink into Bitcoin, it is highly unlikely that cyber criminals will decrypt your treasured data, and paying could inadvertently fuel and fund further attacks.
Findings show cyber criminals used a leaked NSA hacking tool forged from a Microsoft flaw, in combination with their own ransomware, allowing them access by exploiting a Windows vulnerability. Once one computer falls victim, the worm-like malware proliferates, encrypting files and folders on local drives, backup drives, and other computers on the network.
Why patching is pressing
Many cybersecurity experts suggest phishing is to blame, but after poring over 1 billion e-mails, IBM Security’s Caleb Barlow said researchers have come up empty-handed. As FBI Cyber Division Assistant Director James Trainor warned in April of last year, some cyber criminals don’t need e-mail to gain access. On March 14th Microsoft issued a patch to fix the flaw exploited by WannaCry. The lack of a source led many to believe delayed patching granted entry to the cyber criminals.
“These criminals have evolved over time and now bypass the need for an individual to click on a link. They do this by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers,” Trainor explained.
As this week comes to a close, affected businesses are scrambling to recover while others ensure all patches are up to date.
In a blog post on Sunday, Brad Smith, president and chief legal officer at Microsoft, shed light on the severity of the breach.
“The governments of the world should treat this attack as a wake-up call,” Smith scolded.
“An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.”
How can I protect my data?
Proactively educate employees on the importance of due diligence. Train staff on how to identify malicious links, emails and pop-ups. If you’re not sure, DON’T CLICK!
Frequently back up data or projects on a separate network in preparation for a disaster. An in-house backup system isn’t enough. Unless you have an ongoing backup of your entire IT infrastructure in redundant, offsite data centers, your business is at risk.