Cyber Security: Is WannaCry still a threat?

Just when you thought it was all over, WannaCry is still attempting to infect thousands of systems a month. Are you protected from this immortal cyber threat? The WannaCry ransomware attack will go down in history, thanks to the chaos it caused around the world, most notably with the NHS. There were 200,00 victims and more than 300,000 infected computers, making it a significant attack. But if you think you are now safe from the infamous WannaCry, then you’re wrong.  

Still going strong

It has been 18 months since the attacks first wreaked havoc, infecting machines through exposed, vulnerable SMB ports. However, figures from Kasperky Lab’s threat report for Q3 2018 indicate that WannaCry still leads the way among specific cryptoware families, with attempted attacks against 74,621 of the security firm’s users across the globe between July and September. In fact, more surprisingly, WannaCry ransomware attacks have risen as a proportion of the total attack when compared to Q3 in 2017. “It is concerning to see that WannaCry attacks have grown by almost two thirds compared to the third quarter of last year,” said David Emm, Principal Security Researcher at Kaspersky Lab. “This is yet another reminder that epidemics don’t cease as rapidly as they begin – the consequences of these attacks are unavoidably long-lasting. Cyber-attacks of this type can be so severe that it’s necessary for companies to take adequate preventive measures before a cyber-criminal acts – rather than focus on recovery,”  

“All it takes is just one single Windows system on a Windows network to be affected, and the ransomworm proceeds to infect other unpatched machines”

How is it still attacking? 

The issue with WannaCry is that it is self-propagating. It is a ransomworm – also known as a cryptoworm – and upon infecting a new system, it encrypts a victim’s data and holds it for ransom until payment is received. All it takes is just one single Windows system on a Windows network to be affected, and the ransomworm proceeds to infect other unpatched machines. This all happens without human intervention (such as opening an email or a malicious attachment).  

How can you stay safe?

Organisations that failed to install Microsoft’s security update from April 2017 were affected by the attack. Frustratingly for many, Microsoft released this patch to protect systems from the exploit just two months previous to the hit, but many organisations still hadn’t applied the update. The day after the initial attack in May, Microsoft released emergency security patches for Windows 7 and Windows 8.1, as well as out-of-band security updates for end of life products Windows XP, Windows Server 2003 and Windows 8. To stay safe from WannaCry ransomware attacks, it’s fundamental to keep your software and operating systems up to date. As well as this, make sure you use an antivirus to help detect any suspicious activity on your computer. It may also be necessary to adjust your network settings; it’s thought that WannaCry may be using a flaw in Microsoft’s Server Message Block SMB in order to spread, so find out if you need to turn off your ‘network discovery’.   Want to ensure you are fully protected from Cyber Threats? Get SCC’s help today.