Ransomware: The Global Attack Could Have Been Prevented

Friday morning (May 12), a ransomware attack started spreading across the globe, infecting tens of thousands of computers and shutting down vital systems. Those affected included over 40 health service trusts and FedEx’s offices in the United Kingdom, a telecom in Spain, and apparently, the Russian Interior Ministry.

The malicious software, transferred over email and stolen from the National Security Agency(NSA), exposed vulnerabilities in computer systems in almost 100 countries in total, constituting one of the largest ransomware attacks on record.

What Happened?

The WannaCrypt ransomware, also called WannaCry and similar, targeted Microsoft servers running the file sharing protocol Server Message Block (SMB). It used an exploit called ExternalBlue, which had first been revealed last month as part of a leaked stash of NSA documents. Once it gained access to Windows computers, it encrypted their contents before demanding payments of hundreds of dollars for the key to decrypt files.

The coordinated attack was first reported in the UK, where at around 12:30pm local time, the National Health Service’s (NHS) systems began crashing. Pop-up messages appeared on computer screens, demanding $300 in bitcoin in exchange for access. By 3:30pm, infection had been reported in 16 NHS hospitals, and the number has surged to over 40 by now. Surgical procedures were postponed and some hospital operations shut down as government officials struggled to respond to the attack.

The Russian Interior Ministry also reported thousands of computers affected by a virus. However, officials played down the incident, saying the attacks had been contained.

Could This Have Been Prevented?

The attack was in fact largely preventable, if only more Windows users had >installed the critical security patch that Microsoft released for it two months ago.

Late Friday, Microsoft posted an official notice on its TechNet site about the security update as well as general guidance regarding the WannaCrypt attack. Additionally, the company urged users to “use vigilance when opening documents from untrusted or unknown sources.”

The attack also brought the infamous NSA leak back into the spotlight. Speaking to NPR, tech reporter Aarti Shahani said: “This attack is raising one of these fundamental issues that we talk about in the security world, about whether NSA surveillance protects people or creates unexpected damage that does more harm than good.”

What Can You Do To Protect Yourself From Ransomware?

• Install security updates – they often contain patches for latest vulnerabilities, which hackers are very eager to exploit.
• Don’t open anything suspicious. Delete dubious emails from your bank, ISP, credit card company, etc. Never click on any links or attachments in emails you’re not expecting. Never give your personal details if asked via email.
• Back up important data in an alternate device and keep it unplugged and stored away. Backing up your data regularly is the best way to protect yourself from ransomware because only unique information is valuable.
• Using a VPN when browsing can protect you against malware that targets online access points. That’s especially relevant when using a public hotspot. However, keep in mind that a VPN cannot protect you from downloading malware. While a VPN encrypts your activity online, you should be careful when downloading and opening certain files or links.
• Ransomware developers often use pop-up windows that warn you of some kind of malware on your machine. Don’t click on the window — instead, close it with a keyboard command or by clicking on your taskbar.

Related: The Rise of Ransomware: How to Protect Your Data

Related: Going Beyond VPN: What Can You Do to Protect Your Data