Blog | | by C. Lohoff
WannaCry affects businesses worldwide
A severe ransomware attack, known as WannaCry, hit more than 200,000 computers worldwide, according to Europol. The attack was launched on Friday, 12 May, targeting Microsoft Windows operation systems.
The attack affected several large companies worldwide especially in Europe and Asia i.e. Tefefónica, the British NHS, Deutsche Bahn and FedEx. Perpetrators encrypted the entire data on the infected devices demanding a ransom payment for the encryption key. The demands in this attack were $ 300 in the cryptocurrency Bitcoin due within three days since the infection, threatening to double the amount for payments within six days and to destroy the encryption key if demands are not met within a week, resulting in the permanent loss of the encrypted data.
The hackers used a software code developed by the NSA that uses a security gap in the operating system. Microsoft published an update that would close that gap in March. The NSA codes were published in April by another group of hackers.
According to Europol the attack has been unprecedented in scale. The wide spread of the malware indicates that cyber security is an underpriorised issue in many organizations. The attack hit many systems running on Windows XP, an operating system not supported since 2014, or running on supported but not updated operating systems.
Recent developments indicate however, that WannaCry could have been a distraction as another attack has been identified by researchers. “Adylkuzz” is an attack that uses infected computers to produce the cryptocurrency Monero often used in the dark net to purchase drugs, credit cards or counterfeit products. The attack uses subtle software that operates in the background and only tells by slowing computers down. It is therefore often unnoticed.
These most recent attacks show that computer systems are fragile infrastructures that do not run on an If-it-is-not-broken-then-don’t-fix-it-basis, but that need to be updated and developed on a regular basis though this is expensive in time and money. However, there is no 100 % guarantee that a properly administered system is safe as criminals are constantly looking for security gaps in the systems to develop new malware.
In order to reduce the remaining financial risk insurance policies covering cyber and/or K&R risks should be considered. Costs for business interruption, security consultants, ransoms and other can be covered. Especially businesses relying on technical infrastructures should consider these options to prevent crucial financial losses.