Freeze: This is a Ransomware Attack

Friday afternoon, 12th of May 2017, I began watching TV reports of a massive cyberattack in which the WannaCry virus encrypted data on thousands of computers and demanded a ransom to decrypt it. It had spread virally, encrypting computer data at schools, hospitals, government agencies and many businesses at a global level. The attack now ranks among the most disruptive in history.

This brought back fresh memories of our business being shut down for 3 days in January 2016 by nothing less than a ransomware virus. Prior to the accident, we then had what we thought was a secure system and full data backups. This, however, did not stop the virus from infiltrating the computer network. Lessons were learnt.

Apparently, the most common way of spreading computer viruses is through fraudulent emails. These emails are designed to get the victim to view their contents and then download a malicious attachment. Verizon Enterprise Solutions reported in a 2015 data breach report that approximately 23% of people open phishing messages and 10% then click on their attachments. Other, less common ways include visiting a compromised website or joining an already infected computer network.

Once a computer is infiltrated, any computer associated with that computer’s network is certain to get infected too.

The average individual ransom demand in the latest ransomware attacks is USD 300, payable in Bitcoin; that’s 0.3 to 1 Bitcoin. Although it may seem like a small amount to pay, the ransomware attacks are globally distributed, and the total economic cost from interruption to business is speculated to be between 1 and 4 billion dollars. Bitcoin is popular among cybercriminals because it is decentralized, unregulated and practically impossible to trace.

How do I know that my system is struck by WannaCry?

  1. A splash screen appears, blocking access to your computer and showing the message “Ooops, your important files are encrypted!”
  2. You are unable to access or open computer files.
  3. You are required to run the file “Wana Decryptor” and follow its instructions.
  4. You’re presented with instructions for paying the ransom using Bitcoins.

What can I do if my computer has been compromised?

While there is no known way to recover files encrypted by WannaCry, you could do the following:

  • If your computer is connected to a network, disconnect it.
  • Don’t give in, don’t pay the ransom. There is no guarantee that files will be returned intact if you pay.
  • Try to restore your files from a backup. If this isn’t possible, search for tools that can decrypt and recover the lost files. Visit the webpage of No More Ransom at https://www.nomoreransom.org. It’s a joint initiative by Europol, the Dutch National Police, Intel Security and Kaspersky Lab to help ransomware victims recover their data without having to pay ransom to cyber criminals.

Finally, beware!

Cybersecurity experts warn that people should be particularly skeptical of emails with attachments that appear to be from trusted brands like FedEx, PayPal or even LinkedIn when they arrive unexpectedly. But this doesn’t mean you will be able to spot each and every attempt. Cyber hacking is constantly evolving, adopting new techniques and forms. The least you can do to protect against a ransomware attack is to:

  • Install anti-virus software and renew it when due.
  • Always keep your operating system up to date.
  • Install Microsoft’s patch (MS17-010), if you haven’t already done so.
  • Don’t download anything from an email address you don’t recognize or that raises suspicion.
  • Back up your files on a daily or weekly basis.
  • Don’t use pirated software.
  • Browse safe websites.

 

Final thoughts

It is much easier to avoid the threat than to fight against it. Businesses that were not prepared for the WannaCry virus and got hit by it should expect the financial statement impact from business interruption to far exceed the ransomware payment demanded by the hackers.

Businesses should carefully review their existing liability insurance policies, such as kidnap and ransom policies, and should seriously consider standalone cyber risks insurance. A typical cyber insurance policy will protect a business against extortion and ransomware attacks.

While ransom demands to date have been low enough to fall under policy deductibles, the costs of crisis management, forensic investigation expenses, computer system overhaul and lost business can be catastrophic.