Don’t Let the WannaCrypt Virus Make You WannaCry

It is likely you have heard about the massive cyber-attack that started last Friday, May 12. It is technically known as WannaCrypt but is now commonly referred to as WannaCry. This ransomware virus affected computers in over 150 different countries starting in Europe. Fortunately, there are fewer victims in the United States. The virus encrypts data on infected machines. Victims are told they will receive instructions on how to un-encrypt their files after paying the equivalent of $300 in Bitcoin. The ransomware threatens to delete the files within seven days if no payment is made.

WannaCry Screenshot

The malware makes use of a vulnerability in older versions of a Windows Server. Microsoft patched the vulnerability in March. Any organization that has updated their software with the latest Windows patches will be protected from this virus. Because of this attack, Microsoft issued new updates specifically addressing the WannaCrypt attacks and other copycat attacks. Microsoft even took the step of releasing a security update for Windows XP machines, which are no longer supported.

Don’t Be Complacent About WannaCry

While the initial wave of WannaCry malware attacks seems to be subsiding, it is a wake-up call to all organizations globally to make sure they take appropriate steps to protect their data and information.

The WannaCrypt attack is a wake-up call for any organization regarding the importance of a full cyber-security plan.

Internal Protection Steps

Every organization should take the following steps to ensure their organization is adequately protected.

  • Ensure Microsoft Operating Systems are up-to-date
  • Stop using older version of Windows OS and servers
  • Make sure any anti-virus software you have installed is up-to-date
  • Train employees not to open or click on unknown emails and links
  • Remind employees often about ransomware attacks

Educate Your Clients

In the same way, you should educate your clients about the risks they face due to cyber-attacks like WannaCry. Cyber liability insurance is an important tool you can provide to your clients that will help them recover in the event of a cyber-attack. You owe it to your clients to continually remind them of the increased risk they face due to cyber-security issues. Here are some suggestions:

  • Make sure you understand the coverages available in a cyber liability product (or endorsement to an existing policy). Not all policies provide coverage for a ransomware type attack.
  • Include a cyber liability quote (or indication) on every proposal for every size business.
  • Everyone in the office cannot be a cyber liability expert. Designate one individual to be the point person for the organization.
  • Mandate that clients sign a waiver if they choose not to purchase the coverage.

I have included a few links below for those who want a little more information about the WannaCry attack:

YouTube Video describing the WanaCry 2.0 Ransomware attack

Wikipedia Article on WannaCry Ransomware

WannaCrypt Ransomware Attacks: What You Should Do

Agents Council for Technology (ACT) Security and Privacy Resources

DocuSign also acknowledged yesterday (May 17, 2017) that one of their computer systems suffered a data breach that resulted in customer and user emails being stolen. If your organization uses DocuSign, you have likely received an email notice. Click here for a more in-depth description of this data breach from Krebs.

Both of these incidences should make it clear that data security is vitally important. Data breaches are going to happen again. The WannaCrypt attacks may not be over. The group allegedly responsible for this exploit has indicated they have more on the way that may target Windows 10 machines. These types of attacks are not going away. In our digital world, it’s more important than ever to take all appropriate steps to protect your own organization and your clients’ information.

Please note: I reserve the right to delete comments that are offensive or off-topic.

Leave a Reply

Your email address will not be published. Required fields are marked *