Recently, the WannaCry ransomware attack wreaked havoc on computer systems around the world, quickly encrypting data and holding it hostage in exchange for payment in bitcoin. As disruptive as this attack was, though, it could have been far worse under slightly different circumstances or with a few tweaks to the program.
NO KILL SWITCH
One reason WannaCry was stopped relatively quickly was that it contained what was effectively a kill switch embedded in its code. This took the form of an unregistered URL, and a security researcher found it after only a few hours of investigating the situation. After this URL was registered, the spread of the malware was brought nearly to a standstill and the cleanup could begin.
Although reaching out to this URL was a step in the process WannaCry used to spread from one machine to the next, its presence was also a big weakness, since the URL was static and easily registered. A randomly generated URL, however, would not offer the same type of vulnerability.
TIME-BASED ENCRYPTION
The WannaCry malware also made its presence known almost immediately once it infiltrated a system. That alerted the world very quickly to the nature of the attack and the threat it posed, which allowed the research that eventually stopped the spread to begin.
If the program had been equipped with a time-based element, however, it could have spread silently through one system after the next, gaining access while leaving little to no sign of its presence on the surface. Two or three weeks later, once the spread was pervasive, it could activate and cause much more widespread damage that would be far harder to recover from.
ATTACK BUNDLING
Bundling the type of ransomware contained in WannaCry with other types of malware could prove devastating as well. In fact, a WannaCry variant could provide cover for a more destructive type of program to take root and destroy vast quantities of data or take control of actual physical systems like power grids.
The method that WannaCry used was also not that sophisticated, and there are other, more sophisticated types of malware that can do a better job of evading the tools investigators use to isolate and eradicate these kinds of programs.
THE BOTTOM LINE
The main lesson to take away from the WannaCry attack is that we are more vulnerable than we realize, and this will certainly not be the last event of its type that we see. Fortunately, there are several things you can do to protect yourself and your business from all manner of ransomware attacks. These include installing all patches and upgrades as quickly as possible, educating your employees on how to spot a threat and what to do about it, and installing comprehensive cyber security systems across your network.
Another important element in your defense is cyber insurance, and we offer an excellent range of policies designed to fit the needs of companies of all sizes. To learn more, contact our offices today.