The Cunningham Lindsey Cyber team has been busy resolving Ransomware isssues for some time. I have previously raised the issue in articles and presentations that Ransomware can cause real problems for users when their data is locked and becomes inaccessible.
The WannaCry attack is unprecedented because the Ransomware was combined with a worm that allowed the infection to spread rapidly between computers. Although damaging, the impact was stopped prematurely by a British blogger who registered a domain cited within the Ransomware – read the story here.
The criminals won’t make the same mistake next time. A second variant could be coded quickly for re-issue. Once patched (Windows 7, Windows Server 2008 and Windows XP) operating systems will no longer be vulnerable. Going forward new vulnerabilities will most likely be used to launch a second wave with obvious consequences.
It is imperative that business and organisations makes sure that software patches are up to date and that they are using licenced antivirus protection. “Off-network” backups should be taken and held remote from the network.
In the event of a second attack, these backups could be used to rebuild networks should the worst happen, mitigating the impact of the malware.