The world has experienced a massive global ransomware cyber-attack known as “WannaCrypt” or “WannaCry” (Ransom:Win32/WannaCrypt). Hundreds of thousands of computers have been hit in more than 150 countries. WannaCry is far more dangerous than other common ransomware types because of its ability to spread itself across an organisation’s network by exploiting a critical vulnerability in Windows computers.
The World For Ransom: the Effects of WannaCry
The global information environment is well and truly primed for plunder, vulnerable to such malicious “worms” as WannaCry. Each age creates the next circumstance for profit, often outside the boundaries deemed acceptable at the time. In a networked age reliant on huge quantities of data, times are good for the intrepid.
The attack grew over the weekend from 45,000 victim systems to an estimated 200,000, crippling large organisations from the NHS in the UK to Renault factories in France, Telefónica in Spain as well as Russia’s second largest mobile operator, MegaFon.
Much of the damage had already been done, with notable targets being the National Health System in Britain, and the Spanish telecommunications company Telefónica. In Britain, patients had to be relocated, and scheduled operations and treatment were delayed if not cancelled altogether.
The spread was reportedly slowing:
- Australia: At least eight businesses reported being locked out of their systems
- South Korea: Four companies reported problems over the weekend. One cinema chain was unable to display trailers
- Indonesia: Records at two hospitals were blocked
- Japan: Both Nissan and Hitachi reported some units had been affected, but not seriously
- China: Hundreds of thousands of computers suffered initially, China’s Qihoo tech firm said. Universities, with older systems, were particularly badly hit. Some payment systems and government services affected, but less than feared
The concern for Mauritius
An alleged cyber attack involving the WannaCry malware was reported in Mauritius. A hotel in the South was allegedly affected by the ransomware. According to news reports, the hotel’s IT teams managed to control the situation and operations returned to normal.
Another company based in Port Louis came across the same situation. It is the subsidiary of a French multinational. The company received an email containing the WannaCry software. The parent company in France was reportedly a victim of the cyber attack, which explains why the malicious program ended up in a correspondence in Mauritius. The precautions taken by the local subsidiary prevented it from attacking computers.
Precautions to be taken to protect against this ransomware campaign:
- i. Aggressively apply patches, with priority on those released in the last 60 days (including MS17-010), and update anti-virus signatures.
- ii. Warn users not to open attachments or enable macros in suspicious emails. This may be the entry vector, so diligence is warranted.
- iii. If you suspect you may be a victim, install Windows Defender and run a scan to remove the malware from affected systems.
- iv. If patching is not possible (i.e. if the machines cannot be updated with the March MS17-010 update), temporarily block SMB connections to limit the spread. This will likely impact your organization’s services.
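One way to apply the temporary SMB block from precaution iv on a single host with Windows Firewall, including the rollback once the MS17-010 update is installed. This is an added example, not part of the original article. It assumes Windows 8 / Server 2012 or later (where the NetSecurity cmdlets exist) and an elevated PowerShell session; the rule and function names are made up for illustration.

```powershell
# Added example: temporary inbound SMB block with Windows Firewall.
# Assumptions: Windows 8 / Server 2012 or later, elevated PowerShell session.
# $RuleGroup and the function names are hypothetical, chosen for this example.

$RuleGroup = 'TEMP-Block-SMB-Inbound'   # label used to find the rules again

function Get-SmbListenerState {
    # Shows whether this host is accepting SMB connections at all.
    Get-NetTCPConnection -State Listen -LocalPort 445, 139 -ErrorAction SilentlyContinue |
        Select-Object LocalAddress, LocalPort, OwningProcess
}

function Enable-TempSmbBlock {
    # SMB is reachable on TCP 445 (direct) and TCP 139 (over NetBIOS).
    foreach ($port in 445, 139) {
        $name = "$RuleGroup-TCP$port"
        # Idempotent: do not create a duplicate if the rule is already there.
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
            Write-Output "Rule already present: $name"
            continue
        }
        # Block rules take precedence over allow rules in Windows Firewall,
        # so the built-in File and Printer Sharing rules need no changes.
        New-NetFirewallRule -DisplayName $name -Group $RuleGroup `
            -Direction Inbound -Protocol TCP -LocalPort $port `
            -Action Block -Profile Any | Out-Null
        Write-Output "Created block rule: $name"
    }
}

function Disable-TempSmbBlock {
    # Run after the MS17-010 update is installed, to restore file sharing.
    Get-NetFirewallRule -Group $RuleGroup -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    Write-Output "Removed rules in group: $RuleGroup"
}

# Record what is listening before the block, then apply it.
Get-SmbListenerState
Enable-TempSmbBlock
```

While the rules are in place the host cannot serve file or printer shares, which is the service impact the precaution warns about; call `Disable-TempSmbBlock` once the machine is patched.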