WannaCrypt is a serious ransomware attack that has caused major interruptions to individuals, businesses and governments around the world. However, what gives this ransomware teeth is that it took advantage of a vulnerability in Microsoft operating systems that has been public knowledge. Anyone using an operating system newer than Windows XP could have simply patched their workstation, leaving their only risk as clicking on a link they shouldn't have. The problem is that many people and organizations haven't patched their computers or are still running Windows XP.
Here are the highlights of how WannaCrypt did its damage:
- An organization called Shadow Blue released NSA records that contained information about formerly undiscovered vulnerabilities and attack methods.
- On March 14, Microsoft released a patch to fix one of those vulnerabilities in newer Windows operating systems.
- This past Friday morning, WannaCrypt was released into the wild via phishing email. This probably appeared as a typical ransomware attack, encrypting all the victim's files and demanding a ransom to decrypt those files.
- What makes WannaCrypt so dangerous is that once it has infected one workstation, it has gotten past the firewall of the network that it is on and is then able to use the previously mentioned Microsoft vulnerability to infect hundreds or even thousands of other vulnerable workstations. Windows XP was especially vulnerable because Microsoft hadn't released a patch and had no plans to. However, on Saturday, Microsoft released a patch for Windows XP.
- The attack was initially confined to Eastern Europe, Russia and China. However, after pausing for a few hours, it appeared to explode all over the world.
For a clearer example of how the attack works: imagine someone in your household opens a phishing email and clicks an inappropriate link, infecting their computer. That computer can see all of the other devices on your home network, and in turn the infected computer attacks every other device with the Microsoft vulnerability. The other devices do not necessarily have to be PCs; they could be any device on your network running some variant of the Microsoft operating system. Security systems, smart devices, DVRs, etc. often use Microsoft Windows as their operating system.
If you would like more information about what your organization can do to fortify its human firewall, please contact your local UHY Advisors professional.