Following the unprecedented WannaCry ransomware attack that infected hundreds of thousands of computers in 150 countries at the end of last week, consultancy EY has published six immediate steps for organizations to protect themselves and reduce the impact of this type of cyber attack, in which criminals encrypt key data on the infected computer and ask the user to pay a sum of money to have the data returned.
Don't pay WannaCry ransom
The computer networks infected by WannaCry were mainly in institutions and companies, and victims were asked to pay $300 through a bitcoin transaction. However, online security experts say this is unlikely to unlock the encrypted data and it's highly likely that the affected data is, in the case of WannaCry, lost forever. This underlines how essential it is to have a reliable – offline – backup of important data.
The current advice, therefore, is not to pay the ransom demanded. There is currently so much attention on finding the perpetrators of the attack that any money transferred to the stated accounts is likely to remain there (the criminals would not want to convert the bitcoin into another currency for fear of being traced) and is unlikely to bring back the victims' data.
Companies may have to prove data was not stolen
EY's David Remnitz said: “Malware outbreaks such as WannaCry require companies to respond in a comprehensive and defensible manner. Even after the data is restored, companies sometimes face allegations that sensitive personnel-related or other business information had been compromised in the ransomware attack. Third parties and other stakeholders may require the company to demonstrate forensically that, even if the data was accessed, it was not stolen.”
The advice from EY is:
- Disconnect infected machines from the network and take all backups offline because they also could become encrypted if left connected to the network.
- Activate your incident response plan and don’t treat the investigation as merely an IT issue or exercise. Ensure there is cross-functional representation in the investigation team, including legal, compliance, information security, business, public relations, human resources and other departments.
- Identify and address vulnerabilities in your connected ecosystem; sufficiently install security updates, malware detection and anti-virus detection to complicate attackers’ efforts to get back in; enhance detection and response capabilities for future attacks; and prepare for eradication events.
- Ensure your systems are patched before powering up PCs. Keep systems up to date with a robust enterprise-level patch and vulnerability management program. This should include a formal, repeatable life cycle to manage vulnerabilities based on risks as they evolve, and a comprehensive asset model that focuses on the exposure of assets to these risks, including any connectivity to other assets.
- Activate business continuity plans. Prepare data based on varying requirements for regulatory reporting, insurance claim and dispute, litigation, threat intelligence and/or customer notification.
- Collect and preserve evidence in a forensically sound manner so that it is conducive to investigation, and reliable and usable in civil or regulatory matters.
CTMfile take: It's also been suggested that the popularity of bitcoin payments could take a hit after being closely associated with WannaCry. It's worth noting that bitcoin transactions aren't quite as anonymous as is sometimes stated and the fact that bitcoin transactions are recorded publicly means there is potential to trace the cyber criminals when they convert the proceeds of the ransomware attack into other currencies.