Blog & Tools

WannaCry Cyberattacks Summary

Wanna ransomware strain spread via Malwaretech.com

The WannaCry cyberattacks made headlines around the world because of its rapid spread. According to the FBI, since Friday May 12th at 4 a.m. EDT the agency knows of "reports of tens of thousands of infections in as many as 99 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan. ” [FBI Flash, 5/13/2017]

Like all forms of ransomware, WannaCry encrypts the target data rendering it inaccessible to the user and attempts to extorts a ransom payment in exchange for the decryption key. According to various open sources the requested ransom for this variant is .1781 bitcoins or about $300 dollars US.

How does WannaCry Spread?

It’s unclear whether all vectors of the spread have been uncovered to date. However, reports indicate the initial infection happens because of traditional email phishing. However, WannaCry is different after the initial infection because it then works its way around the local network using a vulnerability in Microsoft Operating Systems. This vulnerability was dubbed “Eternal Blue” in leaked data and only recently patched by Microsoft in March of 2017.

What can I do to protect myself and business?

Like all forms of ransomware, the cybercriminals are counting on human error to help them with the spread of the malware. So, the best thing you can do is educate and practice a layered approach to defense:

  1. Learn to identify and report suspicious emails and train staff to avoid clicking on suspicious links or attachments.
  2. Make sure all devices on your network are properly patched with up to date software.
  3. Install (MS17-010) from Microsoft which closes the vulnerability suspected to be at play in this attack.
  4. Use endpoint security that include Anti-Virus and Anti-malware and update your signatures regularly.
  5. Scan incoming and outgoing traffic for infected attachments.
  6. Consider blocking legacy protocols on local networks.
  7. Backup regularly and validate your backups to ensure they operate as expected.

SDN customers with certain levels of our Managed Firewall services may already enjoy the Antivirus, Malware, & Intrusion Protection recommended above. On Friday during the peak of the attack, we proactively updated the Anti-virus and IPS signatures released earlier in the day as a preventative measure.

Our staff continues to monitor this evolving threat. If you have any questions, please contact SDN Communications at 800-247-1442 or email our support staff to discuss your Managed Firewall services.

To learn more about the cyber threat landscape in our region, subscribe to and download our latest report.

Theron McChesney, SDN business intelligence specialist, spoke with WNAX about the attack and how businesses can protect themselves. Listen to the interview.

Posted: May 15, 2017
Topic: Cybersecurity
Type: Blog
Related Posts

You Might Also Like

  1. How businesses can protect themselves from cybercriminals
    Cybercrimes continue to plague businesses large and small as criminals get even more creative about the way they target their victims. In 2021 in the United States, cybercrimes cost the country nearly $7 billion. To discuss this continuing issue
  2. Supply chain shortages drive demand for nimble, creative solutions at SDN
    When supply chain issues threatened to delay a project for a company he was working with, SDN Communications Senior Account Executive Jon Clayborne dug deep and found a temporary fix.
  3. Why your business's cybersecurity culture is like a puppy. Yes, a puppy.
    Telling stories and educating about why cybersecurity is important helps create ownership within the organization.
  4. Security and emergency preparedness take a front seat at SDN
    At SDN Communications, emergencies are carefully planned for, thanks to the company’s Security Committee and its virtual Chief Information Security Officer.