On Friday, May 12, companies in countries across the globe witnessed an unprecedented malware outbreak as ransomware labeled “WannaCry” and “Wanna Decryptor” infected a large range of critical systems. The malware exploits a vulnerability in older versions of Microsoft’s Windows, locks the systems it infects, and threatens to delete files unless a bitcoin ransom is paid.
What happened?
An attacker or group of attackers unleashed a wave of ransomware infections beginning on Friday, May 12. More so than previous attacks, this outbreak resulted in substantial disruption to regular operations. As has been widely reported, health providers were forced to cancel or delay important treatments, factories were forced to cease work, and many computer systems were disconnected from the Internet as a precautionary measure. The malware also spread quickly and infected systems in a large majority of countries around the world. According to various news outlets, the attacks have so far affected approximately 200,000 computers in more than 150 countries. The U.S., spared the worst of the outbreak up to this point due to the actions of a British security researcher, may experience an acceleration of infection as the attackers make adjustments.
Why were the attacks so effective?
These variants of ransomware were able to spread quickly and infect a wide range of systems by taking advantage of a vulnerability in older versions of Microsoft’s Windows operating system. This flaw, first discovered by the National Security Agency, was publicly disclosed by a hacker collective in April. Microsoft had previously released a patch through Windows Update that repaired this vulnerability, and following the wave of infections on May 12, Microsoft released an additional update for versions of Windows that no longer receive support through Windows Update.
What steps can be taken to protect against this wave of attacks?
Companies may consider a number of steps to protect against and respond to ransomware infections, including patching known vulnerabilities, staying current on threat intelligence, making appropriate backups of data and systems, and maintaining effective response procedures. Alston & Bird has previously addressed this subject in an article written by our Cybersecurity Preparedness & Response Team entitled “Is Your Company Prepared for a Ransomware Attack?”
What are regulators saying?
The Department of Health and Human Services (HHS) has already distributed two email alerts in connection with this outbreak. First, on May 12, HHS advised the healthcare sector of the ongoing threat and encouraged healthcare providers to remain vigilant. Second, on May 13, HHS provided updated guidance on ransomware attack vectors and recommended defense mechanisms. US-CERT also issued an alert with technical details and analysis of these recent variants of ransomware. Given the scale of this outbreak, it is possible that additional government guidance will be released in the near future.