When “WannaCry” Strikes: Preparing for and Responding to the Largest Ransomware Attack in History
May 19 2017
As many around the world were preparing for the Mother’s Day weekend, the WannaCry ransomware attack hit over 70,000 organizations in nearly 100 countries in just one day, Friday, May 12th. After the weekend, the attack had affected over 150 countries and may yet continue to spread. It has become the largest ransomware attack in history.
Known as “WannaCry” (or “WCry” or “WanaCrypt0r”), this ransomware encrypts your computer files – making them inaccessible – and then demands a ransom of about $300 worth of the digital currency Bitcoin to restore them. The malware warns that this ransom doubles to $600 after three days and that the files are deleted after seven days. Of course, there is no guarantee that paying the ransom will lead to the recovery of computer files.
Like most malware, WannaCry is initially delivered through spear-phishing emails and compromised links. Once installed onto a vulnerable computer, the malware not only encrypts computer files but also operates like a worm, scanning the victim’s network for other vulnerable machines. Furthermore, WannaCry utilizes special evasion techniques to avoid detection by antivirus scans.
WannaCry attacks by exploiting a known vulnerability in the Windows operating system that was initially disclosed and patched by Microsoft about two months ago. Microsoft has also issued emergency patches for older, unsupported versions of Windows. However, such patches are not always installed promptly, especially by organizations handling large numbers of computers, and patches for Windows XP and other outdated versions of Windows only became available recently.
As of Monday, May 15th, WannaCry’s many thousands of victims included FedEx, Renault-Nissan, the UK’s National Health Service, the Russian Interior Ministry, Spanish telecommunications company Telefonica, German railway company Deutsche Bahn, over 40,000 entities in China, and a police department in India.
Given the widespread and ongoing impact of WannaCry, along with the likelihood of spin-off ransomware coming in the near future, corporate officials such as in-house counsel need to be informed and prepared. With that in mind, here are some basic action items to consider: