Storm ID Blog

The Implications of WannaCry


A lethal malware holding digital documents ransom

As I’m sure you will be aware by now, there was a recent global malware outbreak – “WannaCry”. This attack struck our NHS, among other organisations, and hit the headlines of mainstream news agencies worldwide.

Its ability to attack and spread within a given system, its global reach and the rate of distribution warrant major concern to all who operate in the digital era.

Techworld explain that WannaCry, and other ransomware, infect computers – typically via unsafe email attachments – and restrict a user’s computer access, with the threat of deleting files unless a ransom is paid.

The attack exposed vulnerabilities in legacy Windows components, namely the Server Message Block v1 component (or SMBv1 for short), which is responsible for the sharing and transfer of files on a Windows-based system or network.

WannaCry is considered by cyber security experts Symantec as more problematic than other ransomware:

“…because of its ability to spread itself across an organization’s network by exploiting critical vulnerabilities in Windows computers.”

The implications of WannaCry are vast and concerning.

Tightening security

This highlights the need for organisations not only to be even more vigilant when opening suspicious emails, attachments and other files from external sources, but also to keep systems (Windows in this particular case, but the same goes for others) patched and up-to-date.

The vulnerability was originally discovered in March 2017, and Microsoft subsequently released a patch for the versions of the operating system that were modern at the time. Earlier this week, given the severity of the problem, Microsoft also took the unique step of releasing a newer patch to address older operating systems as well, such as XP, Windows 8, and Server 2003.

Measures taken at Storm

At Storm, all systems – including our own internal systems and external production systems – are (and were) kept up-to-date prior to the attack, so our systems were protected from this particular vulnerability. We have subsequently ‘removed’ the feature from Windows systems under our control, to ensure that the SMBv1 protocol cannot run, period. This is an additional measure of protection, over and above the necessary patch and update.
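For readers who want to apply the same measure, the following PowerShell is an added example (not Storm’s own script) that reports whether SMBv1 is still available on a Windows host and, when asked, removes it. The function name `Get-Smb1State` and the `-Remediate` switch are hypothetical names chosen for this example; it assumes Windows 8.1 / Server 2012 R2 or later and an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example: audit SMBv1 on the local host and optionally remove it.
# Get-Smb1State and -Remediate are hypothetical names used for illustration.
param([switch]$Remediate)

function Get-Smb1State {
    # Whether the SMB server service will still negotiate SMBv1.
    $server = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # State of the SMBv1 optional feature; $null if this OS has no such feature.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
        -ErrorAction SilentlyContinue

    # SMBv1 client driver service; a Start value of 4 means disabled.
    $client = Get-ItemProperty `
        -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10' `
        -Name Start -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        ServerSmb1Enabled = [bool]$server
        FeatureState      = if ($feature) { [string]$feature.State } else { 'NotPresent' }
        ClientDriverStart = if ($client) { $client.Start } else { 'NotPresent' }
    }
}

$before = Get-Smb1State
$before | Format-List

if ($Remediate) {
    # Stop the SMB server from accepting SMBv1 connections.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

    # Remove the feature itself so a later setting change cannot re-enable it.
    if ($before.FeatureState -like 'Enable*') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart |
            Out-Null
    }

    Get-Smb1State | Format-List
    Write-Warning 'Reboot the host to complete SMBv1 removal.'
}
```

Run it without arguments first to inventory hosts; anything that still depends on SMBv1 (older printers, NAS devices or legacy servers) will lose file-sharing access once the feature is removed.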

We’re glad to report that all of our systems are fully functional and secure. We are continuing to monitor the situation, to ensure we are informed of any further developments or variations in said vulnerabilities and cyberattacks.

Cybersecurity is paramount to us, and ensuring our systems continue to run healthily is top priority. If you have any questions or concerns around these recent events, please don’t hesitate to get in touch.
