Cutting through the noise of the WannaCry cyber attack

Friday’s cyber-attack on the NHS has been impossible to miss. Although hospitals and NHS trusts weren’t the only ones affected. Universities and large organisations such as FedEx, Telefónica, the Russian Department of the Interior, and Renault in France were also greatly impacted.

It was this insight from our client Anomali and their in-house information security Labs team that enabled us to gain traction within the media with a comment including yet to be reported information.

The Labs team quickly confirmed that Wanna Decryptor, also known as WannaCry, WanaCry or WCRY, is an encryption-based ransomware that shuts users out of their systems and demands payment in order to decrypt their files. It was leveraging a recent Microsoft bug to spread laterally at a fast rate and it was actually Spain and Russia that were being attacked on a larger scale. Additionally there was also evidence that payments were being made to Bitcoin wallets.

As a result, we had new information to take to media, as previous coverage had been focused on the NHS only, because they had publically announced the disruption. This gave us the opportunity to cut through the noise and secured multiple pieces of national and technology media coverage, including The Independent, WIRED UK, The Daily Mirror, MSN, and The Sun, offering unique insight and practical advice.

At Atomic, we pride ourselves on our close client relationships and utilising real-time collaboration tools such as Slack to get fast, up-to-date information and approvals, to ensure we’re one of the first to contribute to the current news agenda. Although unfortunate for all those involved, it was a great opportunity to offer education on what was happening and what techniques organisations should be implementing in order to prevent this type of attack.

The overall impact of WannaCry is still being reported but the latest statistics suggest that it’s affected 150 countries with 200,000+ infections. While $50k in ransoms have been collected, which is only set to grow.
Anomali’s recommendations include:

• Deploy the MS17-010 patch – notably Microsoft has even released patches for older operating systems such as Windows XP for this vulnerability
• Hide Windows systems behind firewalls and specifically prevent SMB access from the Internet
• Have good backups and business continuity plans
• Stay abreast of new variants of WannaCry or other related malware
• Share observables/indicators with sharing partners or intelligence providers
• Be able to dispel any misinformation that emerges by validating with actual intelligence and observations