May 14 2017
- last edited on
Feb 19 2021
What can we learn as a community from what Microsoft call the WannaCrypt ransomware worm with 200,000 victims in at least 150 countries according to the latest reports? Also known as WannaCry, WCry, Wana Decrypt0r and WanaCrypt0r, it has been headline news for the last three days.
In the UK alone, WannaCrypt is causing havoc in hospitals, reportedly spreading to a fifth of all national health organisations, delaying appointments and vital operations putting patient care at risk. There are many other high profile examples of companies with WannaCrypt infections around the world.
While I don't have direct experience with WannaCrypt, I have previously been involved in dealing with ransomware incidents. I have been following developments closely and wanted to contribute some thoughts with how this sort of outbreak can be minimised. Firstly, more specifically, here are Microsoft's posts about WannaCrypt:
Even if you haven't been hit with WannaCrypt, it's a great time to shore up your defences against cyber-attack.
Policy and Procedures
I am a firm believer in that security isn't a product or a feature you just buy off the shelf as such, it needs a solid foundation and that comes from your policies and procedures.
Here are the sorts of questions I'd be asking when looking at a company's competency with dealing with these types of threats:
A few additional points that if not done help threats like WannaCrypt flourish:
"This attack is a powerful reminder that information technology basics like keeping computers current and patched are a high responsibility for everyone, and it’s something every top executive should support." (Microsoft's Brad Smith, President and Chief Legal Officer)
How well prepared is your organisation for the next WannaCrypt?
May 16 2017 03:13 AM - edited May 16 2017 05:26 AM
I have incorporated this post into an expanded TechNet Wiki article - Practical guidance on preventing cyberattacks like the WannaCry ransomware.
Still a work in progress but I have gone into more detail on some of the points I made here!