The largest ransomware attack in history hit many organizations worldwide over the past few days. Known as the “WannaCry” worm, it encrypts the files on a computer and demands a $300 ransom payable in Bitcoin before unlocking it. Last year, according to the Department of Justice, 4,000 ransomware attacks happened daily. As of Friday, over 200,000 computers in 150 countries were hit by this one ransomware variant, according to Europol. Now that people are back to work again this week, organizations in Asia have reported that they are affected as well.
The most common types of data that are typically affected by ransomware attacks are employee, patient or customer information, as well as financial data. Attackers have also targeted infrastructure systems in the past. For example, in November 2016, hackers compromised and encrypted data from around 900 systems from San Francisco’s Municipal Transportation Agency. The key takeaway is that if your company’s data has value and you need it to run your business, then it’s vulnerable to attack.
One of the main reasons why ransomware attacks are successful is due to the number of employees who have data resting on their endpoint and the cyber-literacy of these employees. Last month, Dell released its end user security survey of 2,608 people who handle confidential data as part of their job. The results showed that more than 1 in 3 (36 percent) will frequently open emails from unknown senders at work, opening themselves and the organization to ransomware attacks.
So what can companies do to protect themselves? It is imperative that businesses take a multi-layered approach that address all facets of cybersecurity:
- Have robust security solutions in place to protect critical data and prevent threats from taking place. This includes advanced threat prevention to help stop the threats, data encryption so that even if someone obtains your data it can’t be used, and back-up and recovery solutions to get up and running again if a breach occurs.
- Educate employees about their role in security and encourage employees to think before they act. Employees should be wary of communications are either unsolicited, or that implore you to act immediately or ask for personal information. That urgent email from your bank asking you to click to verify your information may not be from your bank. When it doubt, don’t click on the link or open the attachment.
- Keep the security solutions that you do have in place updated and deploy all patches promptly. This attack occurred because of a vulnerability in Windows for which Microsoft released a patch back in March. While many organizations do not have security specialists on staff or limited budgets, every organization needs to prioritize software maintenance as well as the deployment of patches in order to reduce the areas of vulnerability.
- And lastly, have a back-up plan. In the event things go wrong, organizations must have robust data recovery solutions in place to be able to meet any application recovery time objectives set forth by the business. This could be the difference between companies that bounce back quickly in the event of catastrophe and those that don’t.
Dell has taken these steps and we are currently reviewing our internal systems, our products and our hosted services to make sure we protect ourselves and our customers from this attack. For those looking to understand how to protect themselves going forward, Dell Technologies have several security products available that can help.
With an attack of this size and scope, many people are asking if they can be affected at home, and the answer is yes if you are using Microsoft Windows Operating Systems other than Windows 10. Microsoft released a patch for the flaw, so if you have automatic updates turned on, you should be protected. If you don’t have automatic updates enabled or you would like to learn more about how to ensure your computer is up to date, take look at this article from Microsoft.
As we have more information, we will be sure to update you here and link out to helpful resources. If you have questions, be sure to let us know and we’ll do our very best to address.
[UPDATE 5/18/17]
For more insight, check out the new findings from SecureWorks Counter Threat Unit‘s analysis.
[UPDATE 5/23/17]
We have heard from many of our customers over the past week asking more about what they can do to protect their devices and data, including solutions offered across Dell to help keep them secure. We are publishing a series of blogs to dive in deeper on various aspects of the topic. First up is a blog by Jim Shook of the Dell EMC Data Protection group, which looks at “The Real Costs of Ransomware.”