Preparing for the next wave of ransomware attacks

Preparing for the next wave of ransomware attacks

Last month’s massive ransomware attack affected several thousand organizations including UK’s National Health Service, FedEx, as well as many small- and medium-sized firms. According to news reports, the ransomware, known as WannaCry, infected over 300,000 machines across 150 countries. It also managed to extort $100,000 -- a relatively small amount considering its reach -- but significant nonetheless.

What is WannaCry?

WannaCry behaves the same way as any ransomware we’ve encountered in the past: It encrypts a user’s files and releases them only if the victim pays the $300 ransom. It also threatens to double the ransom amount after 72 hours, and permanently deletes all encrypted files after a week.

What makes WannaCry more dangerous than your garden-variety ransomware, however, is that once it’s done encrypting local files, it scans the network for unpatched Windows computers and proceeds to infect those machines without a user needing to open an email, download an attachment, or click a link.

Shortly after the outbreak, a security researcher discovered a “kill switch” that stopped the malware from spreading, but this is certainly not the last we’ve seen of large-scale ransomware attacks, or even WannaCry itself.

New ransomware strains

Despite WannaCry’s weaknesses, other more experienced cybercriminal groups will likely hijack the original virus and create new versions to cash in on its widespread effectiveness. In fact, cybersecurity firm Kaspersky has already discovered a new strain that improves upon WannaCry’s shoddy code and removes the kill switch. What this means for businesses is they can expect to see new ransomware versions with streamlined payment platforms to convince more people to pay.

How to stay safe

Given that there is no universal decryptor for ransomware attacks, it’s important that businesses do all they can to prevent WannaCry and other variants from infecting their computers. Here’s what you can do:

Keep operating systems up to date - WannaCry spread by exploiting vulnerabilities in the Windows operating system that were patched months before the ransomware was released. By getting in the habit of installing updates for all your software solutions as soon as they’re available, you can avoid disaster.
Deploy security tools - Apart from installing critical software patches, it’s equally important to install antivirus software, firewalls, and intrusion prevention systems, as these tools have been upgraded to include capabilities to detect and prevent WannaCry strains.
Security training - Teaching your staff healthy security habits like avoiding suspicious links and file downloads will encourage them to take an active role in protecting your business from ransomware.

Back up your files in the cloud - Cloud backup solutions allow you to store files in remote data centers and retrieve them from any device. This means that if your local files are taken over by ransomware, you have your cloud files to fall back on.

The most important thing to remember is to act now. More ransomware attacks are bound to spread in 2017, and if you want to protect your business, contact our managed IT specialists at We provide all the necessary security services to help you avoid paying cybercriminals a single dime.