WannaCry Ransomware Update

In the aftermath, it is now thought that the recent WannaCry ransomware attack infected 350,000 victims in more than 150 countries, including Spanish telecoms firm Telefonica, French carmaker Renault, German rail firm Deutsche Bahn, logistics firm Fedex, Russia's interior ministry and 61 NHS organisations in the UK. Although there are many rumours still ongoing, it is yet to be confirmed who was behind the attack.

WannaCry is a unique example of an attack which works without any human interaction targeting a broadly available vulnerability with a working exploit. Experts believe the worm was primed to look for machines vulnerable to the bug within a Microsoft technology known as Server Message Block (SMB), with the majority of effected machines running Windows 7. The 'worm' then spread via network shares, looking for further vulnerable machines, allowing it to rapidly multiple across hundreds of computers, within hours of initial detection.

Once the WannaCry attack encrypted a computers file, an alert appeared on screen demanding a payment of £230 (in Bitcoins). It is now thought that 296 payments were sent, totalling £76,555, with no reports of any data then being restored.

Importantly, since the initial WannaCry attack, another attack called Adylkuzz has surfaced which also attacks the same Windows vulnerability as the WannaCry bug.

With the threat of a new or piggyback attack far from over, it is vital that your organisation is well protected. It is far better to put in place preventative measures than react to an attack if it occurred. Have a read of latest blog post on what you can do to protect yourself and contact us if you're concerned or need IT security advice.