On 12 May 2017, several media reported that the British National Health Service was hit by a massive cyber-attack using ransomware. Early in the evening, the Dutch National Cyber Security Centre (NCSC) spread a warning within the ‘vital industries‘ like energy companies. Also, health services are informed.
The risks of ransomware are high for many organizations. On wrong click of an employee can cause processes to stop and/or sensitive data to leak. From our role as security consultant we like to inform you of this news to prevent your organization from becoming a victim. Of course we are more than happy to transfer the risks of ransomware in business opportunities.
Ransomware and cryptoware are a popular form of cybercrime, which is used more and more by criminals and other malicious people and/or groups. Ransom- and cryptoware is malware that takes a computer system hostage. It is a type of malicious software designed to block access to a computer system until a sum of money is paid. Cryptoware also encrypts stored data. Well known cryptoware variant are CTB-locker, Cryptolocker, Cryptowall, Locky en Coinvault.
Malware is spread, especially, through phishing (phishing for credentials and or other user data). Phishing e-mails are not new. For users it is becoming almost impossible to recognize a phishing mail. In the past, you could tell by the spelling mistakes and the formatting that something was wrong, which nowadays is the case anymore.
Cyber criminals seems to spread ransomware an increasing scale. The aim for different countries. Often a computer systems is infected when a user opens a document containing the malicious software. Files on the systems are opened and encrypted due to which the data is no longer available. The ransomware in this case is also published in Dutch.
The spread of the massive global ransomware infection had stopped. The cyber-attack infected computer systems in 99 countries. The attack uses tools believed to have been stolen from the US National Security Agency (NSA). Security company Avest reports 75.000 cases of the ransomware – known as WannaCry and variants of that name – around the world. The British National Health Services seams to struck the worst. BBC indicates that over 40 organisation were hit, with operations and appointments cancelled. Besides British National Health Services also German railways and the French car manufacturer Renault became a victim. There seems to be hardy any damage in the Netherlands.
In the current form, WannaCry will not spread any further. A security researcher accidently activated the so called ‘killswitch’ causing the malicious software from spreading to other computers. In this way, the problem isn’t fixed permanently. Malicious people can spread the software again without the killswitch.
Microsoft already released an update for Windows that fixed the vulnerability that WannaCry uses in March. Nevertheless, malware globally infected computers because they were not yet updated or run on an outdated version of Windows. Therefore, the American technology giant, as an exception, released a a security update for Windows XP, which is no longer supported, this Friday.
Over the course of the week, we will provide you with a comprehensive “hands-on” security update on the prevention of infections with WannaCry and other forms of malware.
We advise you to share this information with the person responsible for cyber security within your organization. If you have any questions about this subject, please contact us at email@example.com.