Ransomware Attack affects over 100 Countries

The world was hit with a widespread ransomware attack that started Friday morning, May 12th (BBC, NYT, WSJ). Since its discovery, thousands of organizations and hundreds of thousands of individuals in over 150 countries have been impacted. 

The ransomware attack locks the files of impacted systems and demands payment – $300 in bitcoin – to release the data. Ransomware is not new. The first known ransomware attack – using file encryption – was in 1989. In recent years, ransomware attacks have been increasing as cybercriminals become more sophisticated and as crypto-currencies create a vehicle for non-traceable payments.

Ransomware infections can originate from opening an email attachment or clicking on a link leading to a compromised web site. Once the user opens the file attachment or clicks on the link, ransomware will encrypt all files on the device, any attached drives, backup drives and potentially other computers on the network within minutes.

“Friday’s attack is a loud and clear wake-up call,” said Michael Kaiser, executive director of the nonprofit National Cyber Security Alliance in Washington, D.C. “The attack was global in reach, and its impact was significant. When we see whole systems like the National Health System in the United Kingdom directly targeted, it reinforces how dependent we have become on our data-driven networks. It is of utmost importance that cybersecurity of those networks be a top priority of businesses and organizations large and small.”
 

There are defenses that can help to prevent ransomware infections. Basic cyber hygiene can provide significant immunization against such attacks, including:

• Keep software updated: Prevent infections by updating critical software as soon as patches or new operating system versions are available. This includes mobile and other internet-connected devices.
• Protect accounts with strong authentication: Two-step verification provides an extra layer of security beyond just a username and password and prevents unauthorized access through stolen credentials.
• Conduct regular backups of systems: Having current backup of all data speeds the recovery process in cases of ransomware.
• Use unique passwords: Long, strong and unique passwords containing a mix of letters, numbers, and symbols are effective against intrusions.

Other helpful resources include:

• Stop, Think, Connect: https://www.lockdownyourlogin.org/
• Stay Safe Online: https://staysafeonline.org/stay-safe-online/
• The No More Ransom Project: https://www.nomoreransom.org/