It has been a frustrating month for all IT executives around the globe. They were faced with the most devastating attack on IT systems that they had ever seen. This attack, different from many known cyberattacks, hit everybody where it really hurts: data. The worm called “wannacry” spread from one computer on the net to another, encrypted important files, and would only delete them unless a ransom was paid.
According to Wikipedia, once installed, wannacry uses the EternalBlue exploit and DoublePulsar backdoor developed by the U.S. National Security Agency (NSA) to spread through local networks and remote hosts, which have not been updated with the most recent security updates yet, to directly infect any exposed systems. A “critical” patch had been issued by Microsoft on March 14 to remove the underlying vulnerability for supported systems, nearly two months before the attack, but many organizations had not yet applied it.
The most critical point about wannacry is the fact that it spreads even if you don’t click anywhere, or take any action, like the usual phishing attacks. It spreads on its own like a real virus.
So IT managers were caught off guard. They thought that they did everything that they could to defend their systems, but wannacry disabled many institutions so fast that in the countries most affected, many hospitals were unable to function even though their IT systems are usually the best when it comes to security.
The ransomware campaign was unprecedented in scale according to Europol, which estimates that around 200,000 computers were infected across 150 countries. According to Kaspersky Lab, the four most affected countries were Russia, Ukraine, India
According to various resources, the attack affected many National Health Service (NHS) hospitals in England and Scotland, and up to 70,000 devices – including computers, MRI scanners, blood-storage refrigerators and theatre equipment – may have been affected.
On May 12, some NHS services had to turn away non-critical emergencies and some ambulances were diverted. In 2016, thousands of computers in 42 separate NHS trusts in England were reported to be still running on Windows XP. NHS hospitals in Wales and Northern Ireland
were unaffected by the attack.
Nissan Motor Manufacturing U.K. in Tyne and Wear, England, halted production after the ransomware infected some of their systems. Renault also stopped production at several sites in an attempt to stop the spread of the ransomware. The Turkish site was among those.
This type of attack is the most frustrating one because it puts your data in jeopardy; and data means everything in today’s world. It doesn’t matter if it is a personal photo or your companies most important excel sheet, if somebody encrypts your data files, it is very hard not to give in and pay the ransom. So what can we do? The best thing to do is to upload all that boring and tedious updates coming from software developers and constantly duplicate all the data files to different locations. Be safe.