
Largest Ever Global Ransomware Attack: What You Need To Know Right Now About Ransomware

Over the weekend, global computer systems experienced the largest ransomware cyberattack ever. Experts do not think the attack is over yet.

In the UK, 45 of its National Health System operations were affected, interrupting patient care. In China, nearly 30,000 institutions, including government offices, banks, and hospitals were infected. "On Sunday, Europol described the attack as 'unprecedented.'" In all, there were approximately 200,000 computers in 150 countries, including FedEx in the United States.

The amount typically demanded was $300 to $600. The attack also affected systems running Windows XP. According to US-CERT (United States Computer Emergency Readiness Team), "initial reports indicate the hacker or hacking group behind the WannaCry campaign is gaining access to enterprise servers either through Remote Desktop Protocol (RDP) compromise or through the exploitation of a critical Windows SMB vulnerability. Microsoft released a security update for the MS17-010 vulnerability on March 14, 2017. Additionally, Microsoft released patches for Windows XP, Windows 8, and Windows Server 2003 operating systems on May 13, 2017. According to open sources, one possible infection vector is via phishing emails."
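Because the SMB vector US-CERT describes above lets the malware move from machine to machine, one defensive signal is a single host opening TCP/445 connections to many distinct peers in a short window. The Python script below is an added example, not code from this advisory or from US-CERT; the log line format, the sample lines, and the thresholds (more than 10 distinct targets within 60 seconds) are constructed assumptions that must be tuned to your own environment.

```python
"""Flag hosts that fan out over SMB (TCP/445) to many peers in a short window.

Added example: the log format, the sample lines and the thresholds below are
constructed assumptions, not data from any real incident.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed firewall/flow log: "<ISO timestamp> <src> -> <dst>:<port> <action>"
SAMPLE_LOG = """\
2017-05-12T10:00:01 10.0.1.15 -> 10.0.1.20:445 ALLOW
2017-05-12T10:00:02 10.0.1.15 -> 10.0.1.21:445 ALLOW
2017-05-12T10:00:02 10.0.1.15 -> 10.0.1.22:445 ALLOW
2017-05-12T10:00:03 10.0.1.15 -> 10.0.1.23:445 ALLOW
2017-05-12T10:00:03 10.0.1.15 -> 10.0.1.24:445 ALLOW
2017-05-12T10:00:04 10.0.1.15 -> 10.0.1.25:445 ALLOW
2017-05-12T10:00:05 10.0.1.15 -> 10.0.1.26:445 ALLOW
2017-05-12T10:00:05 10.0.1.15 -> 10.0.1.27:445 ALLOW
2017-05-12T10:00:06 10.0.1.15 -> 10.0.1.28:445 ALLOW
2017-05-12T10:00:06 10.0.1.15 -> 10.0.1.29:445 ALLOW
2017-05-12T10:00:07 10.0.1.15 -> 10.0.1.30:445 ALLOW
2017-05-12T10:00:10 10.0.1.40 -> 10.0.1.5:445 ALLOW
2017-05-12T10:00:11 10.0.1.40 -> 10.0.1.5:445 ALLOW
2017-05-12T10:00:12 10.0.1.41 -> 10.0.1.5:445 ALLOW
2017-05-12T10:05:00 10.0.1.41 -> 203.0.113.9:443 ALLOW
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[^:\s]+):(?P<port>\d+) (?P<action>\S+)$"
)


def parse_log(text):
    """Parse log lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "src": m["src"],
            "dst": m["dst"],
            "port": int(m["port"]),
        })
    return events


def smb_fanout_sources(events, max_targets=10, window_seconds=60, port=445):
    """Return {src: peak_distinct_targets} for every source that reached more
    than `max_targets` distinct hosts on `port` inside any `window_seconds`
    window. Uses a sliding window over each source's events sorted by time."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["port"] == port:
            by_src[ev["src"]].append(ev)

    window = timedelta(seconds=window_seconds)
    flagged = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        in_window = Counter()  # destination -> number of events inside window
        left, peak = 0, 0
        for ev in evs:
            in_window[ev["dst"]] += 1
            # Drop events that fell out of the window on the left edge.
            while ev["ts"] - evs[left]["ts"] > window:
                old = evs[left]["dst"]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            peak = max(peak, len(in_window))
        if peak > max_targets:
            flagged[src] = peak
    return flagged


if __name__ == "__main__":
    for src, n in smb_fanout_sources(parse_log(SAMPLE_LOG)).items():
        print(f"ALERT: {src} reached {n} distinct hosts on TCP/445 within 60s")
```

Legitimate hosts such as vulnerability scanners, backup servers, and domain controllers routinely talk to many peers on port 445, so in practice the alert is paired with an allow-list of those sources; the point of the example is the sliding-window fan-out count, which applies equally to RDP (TCP/3389) by changing the `port` argument.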

Reports are emerging that the malicious code may have originated from North Korea. "Cyber attacks linked to North Korea, security experts claim," http://www.telegraph.co.uk/technology/2017/05/15/north-korea-linked-global-cyber-attack-experts-examine-ransomware/ (May 16, 2017).

Additional reports are that those who are infected and pay the ransom are not receiving the encryption key to unlock their files. Andy Greenberg, "The WannaCry Hackers Made Some Real Amateur Mistakes," https://www.wired.com/2017/05/wannacry-ransomware-hackers-made-real-amateur-mistakes/ (May 15, 2017).

Microsoft urges customers to be "more aggressive" about installing the security patch the company issued several weeks ago. Unfortunately, older versions of the Windows operating system were not addressed by that patch, or organizations were not able to install it properly.

Unfortunately, a present-day patch will not fix an outdated or unsupported operating system. Robert McMillan, "How to Protect Yourself From Ransomware," wsj.com (May 14, 2017); Chris O'Brien and Christina Boyle, "'WannaCry' Cyberattack is Slowing Down; Experts Say It Could Have Been Much Worse," latimes.com (May 15, 2017); Nick Kostov, Jenny Gross and Stu Woo, "Cyber Attack is Likely to Keep Spreading," wsj.com (May 15, 2017).


Commentary and Checklist

Ransomware is a type of malware. It infects a computer or system when a user unintentionally visits an infected website or opens an infected attachment in an email.

A message pops up with a payment demand meant to frighten the user into clicking on a link or paying a ransom, usually in bitcoin sent to an overseas account, in order to get the computer files unlocked.

Some examples of these messages are:

  • "Your computer has been infected with a virus. Click here to resolve the issue."
  • "Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine."
  • "All files on your computer have been encrypted. You must pay this ransom within 72 hours to regain access to your data."

Bitcoin was created by someone using the alias “Satoshi Nakamoto” in 2009. It is a digital currency that does not involve banks; therefore, it allows for anonymous purchases of merchandise. Bitcoin is not tied to a country or subject to any regulation, making it a perfect vehicle for cybercriminals.

The ransom demanded by the ransomware criminals is usually a few hundred dollars, but criminals often demand more from larger organizations. Infected systems can lose proprietary information, have daily operations shut down, and lose the public’s confidence in the organization’s ability to protect sensitive information, especially when health care institutions and banks are under attack.

Employers must stay alert to new and growing threats to their information systems. Educating employees on security threats needs to be a consistent and repetitive endeavor. A long-term prevention step is training your employees to watch for phishing emails that entice them to open links and documents carrying the malicious code.

Regularly backing up computer data is the best defense for individual computers and for systems. Having a recent backup lets you ignore the extortion, reformat your computer, and reload with the backed-up data.

US-CERT recently released an alert as to the “WannaCry” attack and suggests these steps:

“In advice specific to the recent WannaCry ransomware threat, users should:

  • Be careful when clicking directly on links in emails, even if the sender appears to be known; attempt to verify web addresses independently (e.g., contact your organization's helpdesk or search the Internet for the main website of the organization or topic mentioned in the email).
  • Exercise caution when opening email attachments. Be particularly wary of compressed or ZIP file attachments.
  • Follow best practices for Server Message Block (SMB) and update to the latest version immediately.”

US-CERT gave additional advice in its alert for best practices on “patching and phishing”:

  • Ensure that your applications and operating system have been patched with the latest updates. Vulnerable applications and operating systems are the target of most attacks. (See Understanding Patches.)
  • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
  • Avoid providing personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
  • Avoid revealing personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
  • Be cautious about sending sensitive information over the Internet before checking a website's security. (See Protecting Your Privacy.)
  • Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from anti-phishing groups such as the APWG.
  • Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic. (See Understanding Firewalls, Understanding Anti-Virus Software, and Reducing Spam for additional information.) https://www.us-cert.gov/security-publications/Ransomware
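The advice above to "pay attention to the URL" (a variation in spelling, or a different domain such as .com vs. .net) can be turned into a check that runs before a user, a mail gateway, or a help desk follows a link. The Python below is an added example, not code from this page or from US-CERT; the trusted-domain list, the URLs under test, the two-edit threshold, and the simplified "last two labels" notion of a registered domain are constructed assumptions. It goes slightly beyond the bullet by also catching a trusted name embedded as a subdomain of an unrelated domain.

```python
"""Classify a URL's hostname against an organization's trusted domains.

Added example illustrating the 'variation in spelling or a different domain'
advice. The trusted-domain list and the URLs under test are constructed.
"""
from urllib.parse import urlsplit

# Constructed trusted list for a hypothetical organization.
TRUSTED_DOMAINS = ("example.com", "examplebank.com")


def registered_domain(host):
    """Last two labels of the hostname. Assumption: no multi-part public
    suffixes such as co.uk; production code should use a public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance (insert/delete/substitute), iterative DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url, trusted=TRUSTED_DOMAINS, max_edits=2):
    """Return 'trusted', 'tld-swap', 'lookalike', 'embedded-brand' or 'unknown'."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    if not host:
        return "unknown"
    reg = registered_domain(host)
    if reg in trusted:
        return "trusted"
    name, _, tld = reg.rpartition(".")
    subdomain_labels = host.split(".")[:-2]  # everything left of the registered domain
    for t in trusted:
        tname, _, ttld = t.rpartition(".")
        if name == tname and tld != ttld:
            return "tld-swap"        # example.net standing in for example.com
        if name != tname and edit_distance(name, tname) <= max_edits:
            return "lookalike"       # exarnple.com, examp1e.com
        if tname in subdomain_labels:
            return "embedded-brand"  # example.com.evil-host.test
    return "unknown"


if __name__ == "__main__":
    # Constructed URLs, not taken from any real phishing campaign.
    for u in ("https://www.example.com/login", "http://example.net/login",
              "http://examp1e.com/reset", "http://example.com.evil-host.test/"):
        print(f"{classify_url(u):15} {u}")
```

Anything other than `trusted` is a reason to stop and verify the address independently, exactly as the US-CERT bullet says; the classifier is a prompt for that verification, not a replacement for it, and it deliberately errs toward flagging.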


What are other cybersecurity steps organizations need for protection?

  • Make sure antivirus software is current.
  • Make sure your software manufacturer supports your operating system.
  • Have automated patches enabled for the operating system and web browser.
  • Create strong passwords. Do not use the same password for everything.
  • Always use a pop-up blocker.
  • Download software, especially free software, only from known, trusted sites.
  • Never open attachments in unsolicited emails even if they come from people in your contact list.
  • Never click on a URL contained in an unsolicited email even if it looks safe. Close the email and go directly to the organization's website instead.
  • Always conduct regular system back-ups and store the backed-up data offline.
  • Make sure employees are regularly trained on your ransomware policy.
  • In case of a cyberthreat, report it immediately. Do not respond to the attacker.