WannaCry – a New Strain of Ransomware

Wildfires are threatening nearby communities in Florida. One of these grew from 3 acres to over 3000 acres in a matter of hours, threatening homes in the vicinity and shutting down parts of the interstate highway that connects this side of the state. Firefighters are working hard to gain control of this and other wildfires in the area.

As these fires were spreading, another outbreak was spreading just as rapidly. A new strain of ransomware spread globally, to more than ten thousand companies in over 150 countries. Instead of closing highways and threatening homes, this ransomware outbreak closed down companies and government sites and threatened lives. Numerous hospitals were among the victims and they had to suspend important services to existing patients and turn ambulances away.

This new strain of ransomware spread globally in a matter of hours. In the past, a ransomware outbreak would typically occur at a single company. Once the attack on the company was successful, it would spread to many of the computers within that company. What’s different in this case is that the outbreak spread globally. It wasn’t confined to single companies but spread like wildfire throughout the world.

We did see the same type of thing occurring a couple decades ago with the ILoveYou virus, among others. They spread globally in a matter of hours or days. What is new in this instance is that it is now occurring with ransomware. (If you need a reminder about what ransomware is, it takes control of and “kidnaps” your data, holding it for ransom. You have to pay the ransom to get your data back, and hope the data kidnappers will make good on their promise to set your data free. If you don’t pay, you lose your data forever.)

If you have prepared, you can get your data back without paying the kidnappers. But, if you didn’t prepare in advance (or didn’t prepare in the right way), you may have to either pay or lose your data.

[Image: computer screen displaying the message “Ooops, your files have been encrypted!”]

There is a mix of good information and misinformation on the news. This is true of the reports on television as well as those on the Internet. Much of the information is OK, but some is misleading or inaccurate. While the news does a good job of informing of events, it is not always a good source of detail. It can serve as a starting point but should not be taken as the last word. (I believe that most reporters are trying to do a good job of reporting. But, sometimes, the truth gets distorted. And the reporters don’t have the expertise to give a complete and accurate picture, especially of technical issues.)

What may be more surprising is that even technology experts are reporting some of the information incorrectly. This is a new strain of malware and it is still being investigated, so it is not surprising that new developments will be reported as more information becomes available. But different “expert” sites disagree on some of the technical details, as well as on which systems are vulnerable and how to address the issue.

An example is that some are blaming older computer systems. But it’s not only older systems that are affected. New computers and new versions of Windows are vulnerable.

For this particular outbreak, a system that has had ALL patches applied keeps the threat from spreading through it to other systems.

Applying updates is essential, but that won’t always protect you from all threats. Some threats will still be able to find their way into systems that have every possible update applied.

The news reports talk about a “loophole” in Microsoft software and stolen NSA tools that were used to enable the spread of the malware. While that may be true, let’s look at the bigger picture.

1) There will always be problems with software. New vulnerabilities will continue to be discovered. Some of these will be found and exploited by the bad guys before the problem is even known to those who would like to protect us.

2) It doesn’t take a stolen NSA tool to make this kind of proliferation possible. Our connected world, and the automation that makes things work and makes them easy, make it possible for malware to spread like wildfire.

3) New systems and fully updated systems will not escape all the outbreaks.

4) Security software will not catch all the problems.

Every year there are reports of wildfires. You hear about them in California. We have them in Florida too. Drought conditions make them more likely. They may occur due to human error or natural conditions (e.g., lightning). They will continue to occur and, once started, are often difficult to get under control.

Malware outbreaks will also continue to occur. They are made easier by the connected environment of cyberspace. They are also made easier by the automation that enables ease of use and applications that enhance our lives and experience. Our tendency to act without thinking things through (clicking on links, curiosity, etc.) also contributes to these outbreaks. And, like wildfires, these outbreaks are often difficult to control, once started.

But, there is a difference with malware. While wildfires occur by accident or by natural chance, malware is created by humans who design it to do harm or take advantage of others. Humans have been able to put men on the moon and to unravel some of the mysteries of nature. The same human intelligence and ingenuity, when applied to criminal activities, will also produce outstanding results. However, those results will be harmful.

People aren’t likely to stop pursuing their own agendas at the expense of others any time soon. People will continue to find ways to attack our computers, steal our money and info, and otherwise cause us harm and inconvenience. Just as we develop better technology and our accomplishments create wonderful things, the malware that these malicious actors produce will continue to become more sophisticated and dangerous.

Expect more outbreaks in the future. It’s not going to stop any time soon. Expect the situation to get worse.

So, what can you do?
* Keep your systems updated.
* Learn what the threats are and the best ways to protect yourself.
* Realize that no matter how much you do, you may still become a victim.
* Have a plan for the situations where you become a victim.

In the case of ransomware, a critical part of your plan is to have a good, recent backup. The backup should NOT be connected to your computer. If it is and you become a victim of ransomware, the ransomware will probably render your backup useless.

Thus far, this particular incident is focused more on companies than home computers. If your computer isn’t tied into a company network, you may escape this time. But this should serve as a wake-up call. The next threat could impact home users as heavily as this one is affecting companies. And there are plenty of existing ransomware varieties that do affect home users.

It doesn’t really matter whether this particular instance poses a threat to you personally. You should recognize that ransomware is a threat to YOUR computer and you should become informed and take appropriate measures. Although you can’t eliminate the possibility of being infected, you can reduce your chances. And you can take measures to return to normal if the worst occurs, as long as you do that before something happens.

If you do that, you don’t need to panic the next time you hear of a new outbreak. It certainly will still make sense to pay attention to it to see if there’s anything new. But, you’ll be in pretty good shape to handle it, if you’ve taken the recommended steps in advance.

For more on ransomware and how to deal with it, review my previous posts on ransomware. You can find them at the links below.

1 – What is Ransomware?

2 – How to Avoid Ransomware Payment

3 – Ransomware Prevention