WannaCry? No, thanks.
On May 12th, the biggest ever global cyber-attack based on ransomware hit systems worldwide, with victims in over 100 countries of the attack named ‘WannaCry’ or ‘WCrypt’. It first struck the United Kingdom, where systems across the National Health Service were infected.
How it works – and how it spreads
Initial analysis points to a program which has the ability to move around a network by itself – something known as a worm. It took advantage of a flaw in all versions of Windows prior to Windows 10.
The initial infection likely came about via an e-mail containing bogus invoices, credit notes, bills or even a CV. Once the first machine has been attacked, it finds other vulnerable machines and infects them too. The WCrypt ransomware then encrypts all files present on the system and demands a ransom, ranging from 300 to 600 dollars, to be paid in bitcoin in order to get the files back.
Besides encrypting files, WannaCry also installs a backdoor program called DoublePulsar, which allows attackers to access the system remotely even after the ransom has been paid, giving them renewed access to the files that were previously encrypted.
The best way to protect systems is to install the free patch released by Microsoft on March 14th, MS17-010 (https://technet.microsoft.com/en-us/library/security/ms17-010.aspx) and, if a system has already been infected, to carry out detailed checks for any backdoors that may still be active.
Protecting your organisation: solutions from Marsh and Marsh Risk Consulting
During the Davos World Economic Forum, Marsh & McLennan Companies co-presented a report with FireEye which highlighted the rise in ransomware attacks across 2016. These attacks will continue to increase in frequency and potency, although the exact extent is still unknown.
Given this, organisations should define risk management programmes for risks related to system security, combining prevention and mitigation (raising awareness and internal resilience) with the risk transfer tools available on the insurance market.
Regarding protection, Marsh Risk Consulting offers a combination of services across three major areas:
- Cybersecurity Program Management, which addresses the management of company security from a strategic point of view, using a tool to assess and manage cyber risks.
- Ongoing Cybersecurity Awareness activities, which include training and simulations of both organisational crises and social engineering attacks.
- Vulnerability Assessment and Penetration Test, allowing regular monitoring of infrastructural exposure levels in those areas most vulnerable to attack.
Insurance-wise, cyber policies cover the loss, destruction and unauthorised disclosure of information and files of both a personal and sensitive nature, as well as system interruption or compromise. Such occurrences can cause direct damage to the insured or to third parties. The policy can come into force for any number of reasons, from a personal data breach, security or system flaws, or even negligence on the part of an employee.
In case of a ransomware attack, the policy also covers:
- The cost of the ransom and all related consultancy costs, including a ransomware expert to identify the cause and bring the ransom demand to an end;
- Lost revenue and any additional expenses incurred to mitigate business interruption and its impact on earnings;
- The costs of managing a personal data breach incident, including systems experts, legal advisors and public relations staff.