Clever Technology

Lessons from the Global Ransomware Attack

From a cybersecurity perspective, last week was downright scary. Early in the week we learned about major bugs in Microsoft’s free antivirus (which was quickly fixed) and in many Intel processors, which left tens of thousands of PCs vulnerable.

Then on Friday came an unprecedented attack – in a matter of hours at least 75,000 computers were infected with the “WannaCry” ransomware, which shut down businesses around the world, including hospitals, car factories, phone companies, government agencies, and more. A hardworking security specialist got lucky and accidentally stopped the spread of the infection, but it’s likely a temporary fix – the code to make this new virus is relatively easy to copy, so we expect similar attacks to begin shortly.

While we can’t exactly predict the future, there were some important lessons learned from last week’s cyber-nightmares:

  • Security updates are more important than ever. The computers infected with the “WannaCry” virus would have been protected if they had installed security updates Microsoft provided in March. Many of the infected computers were using Windows XP, which Microsoft discontinued support for in 2014.
  • Good antivirus works but only goes so far. The antivirus and anti-malware tools that Clever Techs uses protected against the WannaCry virus almost immediately IF the infection came via an email attachment. With WannaCry, infections happen two ways: first, one PC on a network gets infected by downloading a fake email attachment; then that computer quickly infects the rest of the computers on the network. Antivirus tools will detect and remove viruses that spread from computer to computer, BUT they may not catch them until after some damage is done (meaning some files are encrypted and inaccessible).
  • We got lucky. The first round of WannaCry, which by some counts infected 200,000 computers in just a few hours, was stopped because the virus had a “kill switch”, a feature that basically told the virus to stop encrypting files. That kill switch was accidentally discovered by a security researcher pretty quickly, which minimized the spread. (In fact, a second version of WannaCry was launched on Saturday, but it also had a “kill switch” and was shut down quickly.) It’s surprising that such an advanced virus, which was well designed in so many ways, had such an obvious flaw. We expect, and have already seen evidence, that future versions of this type of virus will not have such an easy way to disable them.

Make sure your data is backed up to a secure cloud location. Make sure your computers, especially Windows PCs, have their most recent security updates (and reboot them to make sure the updates have actually finished installing, since many updates require a reboot). And make sure your antivirus protection is a high-quality, paid solution like ESET, Webroot, Kaspersky, Bitdefender, or AVG.
