Ransomware attacks took up many headlines throughout 2016 and 2017 as their quantity and effect became widespread, costing organisations and individuals millions. One of the most infamous attacks was the WannaCry strain of ransomware which shook the globe in May 2017.
The malicious strain of malware was an eye-opener to the strength and speed at which cyber-criminals could infect targets, extorting large sums in encrypted currencies in the process. WannaCry lasted 3-days all in all before it was unwittingly stopped by a researcher trying to understand the source of the attack. However, in the 3-days the strain was active some estimated 300,000 organisations were infected in 150 countries.
Why was the strain so effective?
It is unlikely that in modern IT environments some sort of virus protection is not in place, so how is it that this strain of malware could infect so many machines in such a brief period? Ransomware and malware strains often rely on a human element to become active, this could be accessing a malicious file attachment, installing bogus software or accessing a malicious website. WannaCry was initially spread as an email attachment allowing cyber-criminals to target millions of addresses in a short space of time. When the infection began a secondary element of the strains code took over; the ‘worm’ code in use helped the infection spread from machine to machine and across networks at high-speed, this was the first known example of a worm being used in a ransomware attack.
The infection itself exploited a known vulnerability in Microsoft operating systems. Microsoft had, in fact, warned organisations of the vulnerability and released the necessary software patch to update systems and keep them protected.
How WannaCry changed organisations attitudes to cyber-security
WannaCry wasn’t the only large ransomware attack and while most ransoms were equivalent to about $300, ransoms of up to $1,000,000 were reported and in some instances paid. WannaCry claimed some very high-profile victims, organisations who then not only faced downtime but were struck with reputational damage for not having up to date IT security protocols. Among these organisations, and one of the worst affected was the British National Health Service (NHS).
NHS still to learn from WannaCry
The NHS was one of the worst affected by the WannaCry attacks, with a third of trusts being infected and thousands of appointments canceled and ambulances across the country unable to make emergency requests. A year on and the service, which is split into over 200 trusts has still not improved on its cyber-security policies. Earlier this year, it was found that in a review of cyber-security across the trusts all had major concerns and had failed to meet standards.
Further to this, the NHS has now been allocated around £150m to spend on improving cyber-security over the next 3-years however, the plans are still yet to be finalised and agreed on. The Department of Health does not know how much it will cost or how long it will take to implement the recommended changes. One reason for the lack of investment is that the NHS does not know the exact financial impact, which according to the Public Accounts Committee report“is hindering its ability to target its investment in cyber security.”
Jeremy Hunt, Health and Social Care Secretary recently stated:
“We know cyber-attacks are a growing threat, so it is vital that our health and care organisations have secure systems which patients trust.”
Cyber-attacks and disaster recovery planning
Cyber-attacks are an ongoing threat to organisations of all sizes. They are relatively easy to deploy, can target the masses and are difficult to trace. Attacks like WannaCry have shown large organisations are not safe and ransomware attacks, in general, have proven lucrative for cyber-criminals. Airline manufacturer Boeing recently suffered an infection from the WannaCry ransomware strain which began infecting systems at a manufacturing facility. The NotPetya attack was another ransomware strain that was able to infect thousands of organisations in 2017. Since then there have been many data breaches reported with companies like Uber and Facebook confessing to being breached. 2018 is however yet to see a major ransomware attack.
Cyber-security is or should be, a major concern for a lot of organisations. With the GDPR just weeks away, a breach could prove extremely costly for any organisation that suffers one. To find out more about cyber-security and how to stay protected download the cyber-security whitepaper here.