For a period of about 18 months, ransomware dominated the news related to information security. Companies of all sizes and verticals were under attack by cybercriminals who were looking to make a quick buck, or a lot of bucks in some cases. Then, all of a sudden, ransomware sort of went quiet and we didn’t hear about it as much. There are numerous possible reasons for ransomware going quiet for some time. One popular thought is that these cybercriminals were further developing their malware code to become more effective. The introduction of Ransomware-as-a-Service (RaaS) has further complicated ransomware, as cybercriminals buy “older” versions of this malware, “improve” upon it, and then blast it out to everyone. Ransomware is like a game of cat and mouse: cybercriminals create a version that is effective for a short amount of time, then the information security world catches on and either figures out how to decrypt the ransomware and unlock the files, or our anti-malware systems, email gateways, and anti-virus programs identify the malware and mitigate the chances of it getting through to our systems.
A little over a month ago, a strain of Ransomware called WannaCry made headlines due to the incredibly successful nature of the attack as it infected hundreds of thousands of users around the world. This ransomware was delivered through an unpatched vulnerability in the Microsoft Operating System. Thankfully, the damage was minimal as the malware code had a “kill switch” built in that stopped the spread.
What is WannaCry Ransomware?
WanaCrypt0r, WanaDecrypt0r, and WannaCry are different names for essentially the same thing. Technically, WanaCrypt0r is the name of the executable, WanaDecrypt0r is the name of the decrypting utility, and WannaCry is what it makes people want to do. But for most people, they are the same.
By now, most know that it is ransomware: a particularly nasty brand of malware that holds your files ransom by encrypting (locking) them up and making you pay for the key.
Friends of Compass,
There is a rash of ransomware attacks being reported that has affected as many as 74 countries. One of the largest reported sectors is hospitals within the United Kingdom, with at least 16 hospitals affected. Many hospitals report being disabled and unable to perform regular functions (phones shut down, pen and paper notes only, and patients asked not to come to the emergency rooms). Other areas affected include a telecom company in Spain and some FedEx computers. This attack does not seem to be targeted at any specific industry or company.
Fact: Phishing is the number one strategy that bad actors use to deliver malware to your organization.
Fact: Phishing attacks come in a few different forms, known as phishing attacks and spear-phishing attacks.
Fact: Ransomware is the most prevalent and dangerous form of malware out there today and is the biggest threat to organizations and users.
We all know the facts listed above, but honestly, we can never hear them too often. The problem is complacency and thinking, "that can't happen to us." Our guard is down and we receive an email that looks a bit odd (but not too odd), so we click on the link and BOOM... it has happened to us. We have infected our system and potentially our organization's network and files.