On May 12, 2017, thousands of companies across the globe saw the first signs of a prolific malware outbreak. The malware, a ransomware variant labeled WannaCry, is capable of encrypting files on a device and moving laterally to encrypt files on associated file shares. On average, the ransom amount that is demanded is the equivalent of $300 in Bitcoin. Early reports indicate the ransomware, which may function in 27 different languages and encrypted data on over 75,000 systems in 99 countries. Russia, Ukraine, India and Taiwan appear to have been the hardest hit. The attack resulted in some hospitals canceling operations and appointments because critical patient data could not be accessed.
The WannaCry ransomware gained entry into computer systems by exploiting a vulnerability in certain versions of Microsoft Windows. Microsoft released a patch for the vulnerability in March 2017. Microsoft also released a blog that guides individuals and businesses through the steps they should take to stay protected from WannaCry. One reason this ransomware has been so prolific is that it is less susceptible to antivrus programs because it is injected into a running process instead of being written to disk.
Two key lessons to be learned from this incident are as follows:
