Late last week, news broke of a ransomware attack affecting systems across the globe. The malware variant, called Ransom-WannaCry, exploited a vulnerability in Microsoft Windows known as EternalBlue, locking people out of their computers and demanding $300 in Bitcoin. Major organizations, including the National Health Service (NHS) in the U.K., have been affected. By the latest count, at least 300,000 systems in 150 countries have been hit.
While Microsoft released a patch for EternalBlue in a software update in March, delays by consumers and businesses in applying that update have exacerbated the spread and impact of WannaCry. The ransomware’s worm-like spreading mechanism borrows from SMB exploits, which gives it an entry vector into machines that remain unpatched even after the fix became available. Though it’s still unknown who exactly is behind these attacks, Google security researcher Neel Mehta noticed similarities between WannaCry – also known as WannaCrypt, Wana Decryptor or WCry – and malware used by the North Korean group Lazarus, the group that carried out the 2014 Sony Pictures hack and stole millions of dollars from a bank in Bangladesh last year. However, the identity of the attacker(s) is still just speculation at this point.
While we still don’t know who is responsible for these attacks, it is imperative to respond quickly in these situations. Experian IT Services (EITS) teams have been working over the past several days to mitigate any impact to Experian from this threat, ensuring that appropriate security patches and prevention and response countermeasures are consistently in place. EITS teams are actively patching and performing maintenance on Windows systems, and Global Security Operations are actively monitoring for, responding to and mitigating any variants of the malware threat.
Though the damage from this attack has slowed, ransomware will continue to be a growing threat. There are a number of actions consumers and businesses can take to reduce their risk of being hit by an attack:
- Do not open any email attachments or click on any links unless you expected to receive them. Emails from unsolicited senders with attachments and links should be deleted immediately.
- Be wary of messages that don’t address you by name or that contain spelling or grammatical errors.
- Social media has opened up another avenue for online attacks. Treat it the same as email – if a friend sends you a personal message or leaves a comment with a link that seems suspicious, don’t click on it.
- Update your operating system, programs and apps whenever new versions are available. These updates are created to patch vulnerabilities and help keep you more secure. Not addressing them leaves a larger window for hackers to get in.
- Enable multi-factor authentication on critical systems, and make sure your passwords are unique and use a variety of numbers, letters and special characters.
- When in doubt, ask yourself if a person or organization would actually send a message asking for personal details. Calling your friend, colleague, or the business directly is a good way to confirm the request is valid.
Ransomware attacks can have a devastating impact on both organizations and individuals. Do your part to be as secure as possible and reduce your risk of an attack. Do you have additional tips for securing your system? Share them with us on Facebook, Twitter, or LinkedIn.