
Ransomware Shockwaves Emphasise Importance of Data Recovery

Richard Pain, Cybersecurity Specialist | June 15, 2017
In this article we examine the strategic shortcomings that led to WannaCry’s high profile spread and impact

This article is sponsored by Commvault


In May 2017 the now notorious WannaCry ransomware cryptoworm made headlines around the world. More than 200,000 systems across 150 countries are estimated to have been affected. At the time of writing, the attack has yielded the criminals 50.4 bitcoins in ransom, approximately USD 115,000 depending on the current market value of bitcoin. Whilst this is a far smaller total than initially feared, it does not reflect the far greater cost of the disruption caused to organisations worldwide.

The disruption caused to organisations such as the UK’s National Health Service, which was unable to access its clinical systems and had to revert to pen and paper, brings to light the importance companies must place on protecting their data, which serves as the heartbeat of every organisation.

Now, as the dust settles, it is the ideal time to examine the strategic shortcomings that led to WannaCry’s high-profile spread and impact. Whilst the swiftly released patch certainly helped protect systems, and a killswitch that neutered the cryptoworm was later accidentally discovered, these are just tactical responses to one specific attack. It is more important to focus on the strategic causes and solutions, so that organisations have a better chance of preventing similar incidents in the future and minimising disruption.

Examining the Response to WannaCry

Following the outbreak, IT security organisations worldwide issued warnings to companies and users about the threat. As the news spread, IT security leaders scrambled to patch their vulnerable systems and contain the infection where possible. Then, as often happens following high-profile cybersecurity incidents, IT departments sent out warning emails to employees to beware of suspicious links, emails and attachments.

There are several problems here.

Working backwards, let’s start with the “security awareness raising” aspect of the response.

In short, simple email reminders to employees are an insufficient response. By their very nature, ransomware attacks will always try to disguise themselves as legitimate emails, links or attachments and, inevitably, users will get duped.

That’s not to say that IT security awareness raising is pointless. It definitely has an effect and it’s worth doing given that, as everybody knows, users are the weakest link. However, this effort must be made regularly, as part of a strategic approach, rather than just as an ad hoc response to a specific incident.

Keep in mind, though, that contrary to what was originally reported, WannaCry was not primarily spread via email attachments. This might be a surprise to some readers because most people associate ransomware with dubious links and naïve users. On the contrary, according to malware analysis experts Malware Labs: