Semafone Blog

WannaCry: The Cyberattack That Could Have Been Prevented

By Ben Rafferty, Global Solutions Director

You would have to be living under a rock not to have seen the latest news about the WannaCry global ransomware attack. If you work in information security, whether your organisation was affected or not, you’ve certainly had a serious wake up call or have been smugly justified in your data security preparedness (or you’re a “Linux-House” – like Semafone – unaffected but concerned for the victims of the attack). The most recent update has pointed to North Korean state hackers as the culprits, but no matter who’s to blame, the fact of the matter is that more than 200,000 computers across 170 countries found themselves targeted by the malware; unable to access data stored on their IT systems.

What is ransomware?

Before digging deep into the issues behind this cyber-attack, it’s important to understand exactly what this variant of ransomware is, and how companies were targeted by it. First off, as ransomware goes, WannaCry has good credentials in terms of effectiveness; it supports 28 different languages and can encrypt 179 different types of files.

For a piece of malware that’s so damaging, you would hope that it’s difficult to get a hold of. But unfortunately, that’s not the case. All that the cyber-criminals had to do, was to download the WannaCry ransomware from the dark web. What made this particular attack so damaging is that the hackers used nation state-grade capabilities from the National Security Agency (NSA) to distribute the WannaCry tool across the world.

Once it had been delivered into email inboxes in the form of a pdf, all it took was for the targeted person to click on the attachment, to find the virus installing itself onto their computer. Once there, it checked for other viruses and parasites, and kicked them off (so that it could work uninterrupted!), installed its own tor browser, so to communicate anonymously, and then encrypted the data, which could only be unlocked by paying a fee to the cyber-criminals.

Make security education a priority

So, what should companies have done to avoid finding themselves in such a disastrous situation? There are two simple things that needed to happen, which could have helped many of them escape becoming a victim of this cyber-attack. Both relate to education:

Making sure that staff understand the dangers of phishing emails

Too many employees, no matter their seniority, fall victim to the simple scam of phishing emails. Companies need to ensure that every worker knows how to recognise an unusual or unexpected email, and to understand the very real threat when it comes to the methods used by cyber-criminals. Making it clear to employees and demonstrating the damage that can be done (using the WannaCry attack will no doubt be the new go-to example), will encourage them to take data security more seriously.

Teaching staff about the importance of updating computer operating systems

The simple fact of the matter is that if many of the victims had updated their Windows operating system only eight weeks ago, they would have been protected against the WannaCry attack. Those who were caught out won’t be receiving a lot of sympathy from the infosec community. Essentially, it’s like getting your flu jab; if you have the vaccination, you won’t catch the flu; or you might catch it, but you’ll be far more easily able to fight the virus off. Companies need to automate the updates and ensure that each and every employee is allowing the necessary updates to install, to keep data secure and out of the hands of cyber-criminals.

Make data security the top priority

Organisations need to realise that every piece of data is valuable to a cyber-criminal; they will find ways to exploit the fact that you collect and store sensitive information about your customers, so you need to be prepared for this. Removing the temptation is the best solution – we always say “they can’t hack what you don’t hold.” If you do have to hold it, make sure that you have trained your employees in the security basics.


Share this article