The media reported extensively on the attack by the WannaCry ransomware in May. Fortunately, in Finland, we got off easy with WannaCry, although the experts of the field feared for a peak of attacks when people would return to work after the weekend. According to the MTV3 News, WannaCry stopped the production at Renault, and its victims also included the German railway company Deutsche Bahn and American transport company FedEx.
WannaCry locks out the file management of the workstation, including important business documents and images, and requires to pay a bitcoin ransom to remove the locking. As a consequence, important files may be lost or fall into the wrong hands, which causes significant harm and vulnerability to the business. At a user level, WannaCry stops and prevents productive work.
Bitcoin ransom is required to remove the locking.
Traditionally, the user had to perform an action to activate the “attack code” of a ransomware programme, such as click on a link or open a file attachment in an email addressed to the user. However, WannaCry is more cunning than its predecessors. It attacks Windows systems that are vulnerable due to a non-updated operating system version or SMB client programme, e.g. a printer or file sharing function.
When a workstation of an individual user is infected, WannaCry tries to spread to the workstations of other users in the company’s intranet. In this way, it can lead to considerable damage in the organisation. The best antidote a user can take is to install the latest Windows data security updates as soon as practicable, if possible. However, to protect against ransomware like WannaCry, it is not sufficient to take measures at a user level, but the threat should be taken seriously by reacting at the organisational level.