In an era where technology is integral to the way we interact with the world, to be locked out of one’s data and digital devices has become one of mankind’s greatest fears. Last Friday, May 12, we witnessed an immense wave of panic spread across the USA, Asia, and Europe, brought about by a global ransomware attack known simply as WannaCry.

According to Reuters, WannaCry—also known as Wanna Decryptor or WannaCrypt—swept more than 200,000 computers and organizations in more than 150 countries, including corporate giants such as USA’s FedEx, Spain’s telecommunications network Telefonica, Germany’s train operator Deutsche Bahn, the Russian Interior Ministry, and at least 25 hospitals in Great Britain. The widespread malware also affected various corporations, hospitals, and universities in Australia, South Korea, Indonesia, Japan, and China.

The ransom note that comes with the WannaCry ransomware

Photo from BGR

What is Ransomware?

Ransomware acts exactly how its name suggests. It holds your device and its containing files hostage by locking you out and asking you to pay money to regain access. In the case of WannaCry, $300 (£230) in Bitcoin was demanded of the victims of the malware attack. The warning also stated that the cost would double if the amount goes unpaid after three days.

Whether or not users are actually able to retrieve their files once the user pays the “ransom” has yet to be determined, but BBC reports that more than $38,000 (£29,400) has already been paid as of this morning.

Ransomware WannaCry triggers a pop-up that informs users that their files have been locked.

Photo from BGR

How does WannaCry work?

WannaCry exploits a security flaw in the Windows SMB server using two components: a ransomware package and a worm. The worm allegedly uses the “EternalBlue” hacking tool—one of the cyberweapons developed by and stolen from the U.S. National Security Agency (NSA). The NSA’s tool was previously exposed to the public by a hacker group known as Shadow Brokers.

#MetroStarMinute: Firewalls Have Doors and Windows

How do I protect myself from WannaCry and other ransomware?

The first version of WannaCry has already been neutralized through a kill switch. However, it won’t be long before we start seeing variations of it. There is no singular fix for all ransomware, but individual users can protect themselves from potential attacks by installing the latest security updates on their devices.

Microsoft, in particular, has released a new security update on Friday as a result of the WannaCry attack. The company has also released patches for Windows XP and Server 2003, even though those operating systems are no longer officially supported. Installing the patches that Microsoft released in March will also help ward off WannaCry and similar ransomware variants.

“The main defense, really, is keeping systems and software patched,” shares MetroStar Systems Director of Cybersecurity, Clay Calvert.  “If your systems can’t be patched for whatever reason, then minimize how other devices on the internet can access your computers.”

If a patch is not possible, an option is to use VLANs (Virtual Local Area Networks) or VACLs (VLAN Access Control Lists) to prevent potential spreading of the malware among internal workstations.

“Another way to prepare against ransomware is to have regular offline backups,” adds Calvert. “Online backups, such as mapped network drives, are also susceptible to ransomware.”

While basic precautionary measures such as backing up your data will help, the surest way to protect your device is to refrain from opening suspicious emails, links, websites, and attachments. Interaction with users, internet files, and apps is clearly inevitable in this age, but the risk of a ransomware attack can be avoided with extra caution, vigilance, and effective cybersecurity consultation.

Protect your data and devices through MetroStar’s cybersecurity services.