On May 12, 2017, thousands of companies across the globe saw the first signs of a prolific malware outbreak. The malware, a ransomware variant labeled WannaCry, is capable of encrypting files on a device and moving laterally to encrypt files on associated file shares. On average, the ransom amount that is demanded is the equivalent of $300 in Bitcoin. Early reports indicate the ransomware, which may function in 27 different languages, encrypted data on over 75,000 systems in 99 countries. Russia, Ukraine, India and Taiwan appear to have been the hardest hit. The attack resulted in some hospitals canceling operations and appointments because critical patient data could not be accessed.
The WannaCry ransomware gained entry into computer systems by exploiting a vulnerability in certain versions of Microsoft Windows. Microsoft released a patch for the vulnerability in March 2017. Microsoft also released a blog that guides individuals and businesses through the steps they should take to stay protected from WannaCry. One reason this ransomware has been so prolific is that it is less susceptible to antivrus programs because it is injected into a running process instead of being written to disk.
Two key lessons to be learned from this incident are as follows:
- Stay current in your software patching; and
- Incorporate incident response into your disaster recovery plans. For more information, please see: “Deeper Dive: Incorporating Incident Response Into Disaster Recovery Plans.”
Our incident response team is ready to handle any issues your company may have with this WannaCry ransomware variant or any other data security incidents. Please click here for more information or call our incident response hotline at 855.217.5204 for immediate help.
For more ways to protect yourself from ransomware and other data security incidents, please read BakerHostetler’s 2017 Data Security Incident Response Report.