Sign in

Use extreme caution in WannaCry Ransomware Attack

By: Ron Bebus

May 15, 2017

The largest cyberattack in history is hitting the U.S. today. Last week, multiple countries around the world reported falling victim to the WannaCry ransomware attack. Numerous hospitals and healthcare information systems were impacted. As of yet unknown cyber criminals have taken an NSA 0-day threat and weaponized a ransomware strain so that it replicates like a worm and takes over the whole network.

Stu Sjouwerman, Founder and CEO, KnowBe4, Inc., said that there is a MS patch that needs to be applied urgently if you have not done that already.

What’s happening?

PrivaPlan President David Ginsberg is keeping a close eye on the situation and shared new developments as of early Monday:

• Security experts report the ransomware variant exploits a vulnerability discovered and developed by the U.S. National Security Agency, according to The New York Times. Shadow Brokers, a group that regularly posts stolen software and hacking tools developed by the U.S. government, released the tool online last month.

• Microsoft created a patch for the vulnerability, according to The New York Times. However, many organizations — including hospitals — had not appropriately updated their systems.

• Brad Smith, president and chief legal officer of Microsoft, wrote a blog post Sunday blaming the U.S. government for not working with technology companies to address software vulnerabilities.

• Security experts discovered the ransomware infected more than 200,000 computers in more than 150 countries. According to Forbes, at least 1,600 U.S. organizations have been infected with the ransomware, including FedEx.

• Once infected, each affected organization received a similar message that requests at least $300 in bitcoin to unencrypt their files, according to Reuters. As of Sunday morning, the ransomware attackers had already received roughly $32,500 in bitcoin.

• Multiple sources have reported that a security researcher stopped the ransomware attack from continuing to spread by registering a domain name that had been hidden in the malware. The researcher, who identified himself as MalwareTech, found and inadvertently activated a “kill switch” in the malicious software. However, the BBC reported that while this fix stopped the ransomware variant from distributing to new devices, it does not fix systems already infected.

 

What can you do?

PrivaPlan strongly recommends phishing testing and training for your employees. To find out how our HIPAA experts can assist you with this, contact us at info@privaplan.com or call 877-218-7707.

Also, continue to advise your staff to be aware and vigilant and to follow these recommendations:

• Do not open unsolicited attachments.

• Be aware of the sender of email and the sender’s domain.  Do not open suspect emails.

• When in doubt, don’t open anything and contact the help desk IT support professionals.