WannaCry Ransomware attack – what can we learn?

Posted by Ian Hight on May 16, 2017 2:07:30 PM


Wow, last weekend was a stressful one for many: over 200,000 people, across 10,000 organisations, in over 150 countries found out what it feels like to be a victim of ransomware. Should we be surprised? Not really; security specialists have been pointing out for quite some time just how exposed we are. When we interviewed Peter Benson 3 months ago (Peter Benson 2017 security predictions) and asked him for his IT security predictions, he suggested that ransomware would grow by about 40% in 2017 and, more importantly, he said we should expect a wider variety of ransomware.


What happened in this case? One or more hackers (as yet unknown) deployed a ransomware virus called WannaCry that targeted Microsoft servers running the file sharing protocol Server Message Block (SMB). Only servers that weren't updated after March 14 with the MS17-010 patch were affected. Whilst computer users around the world have been impacted, at the time of writing there were no reported cases in New Zealand. Does that mean we can rest easy? No; ransomware has no respect for geography, and the threat has not gone away. Have all the at-risk machines been patched? No, that’s unlikely, and a number of security experts are warning of a second wave of attacks from variants of the initial virus.

So what can we learn from this?

  • Virus strikes can be global and can occur at eye-watering speed.
  • Ransomware hackers are not fussy about who is attacked – they will take anyone’s currency, so long as it’s bitcoin (oh, and yes, you can pay for that in NZ$).
  • We need to be vigilant:
    • Make sure your mail filtering software is completely up to date.
    • Make sure your Microsoft security is completely up to date and enabled.
    • Make sure that your desktop security programs are patched and virus signatures are up to date.
    • Reinforce with your staff not to open emails unless they know the sender and can identify the attachment type.
    • Make sure you have a safe and reliable backup in the event that the worst happens.