Hacker preparing a ransomware attack

The recent WannaCry epidemic has elevated the ransomware threat, once seen as a relatively low level nuisance to businesses and consumers, to a far greater and more sinister level of risk. And now on a global scale.

In his statement  to  the Senate Committee on Armed Forces, Admiral Michael S. Rogers, Commander of US Cyber Command, stated, “Criminal actors become a military concern when malicious state cyber actors pose as cyber criminals, or when cyber criminals support state efforts in cyberspace. This means that we take notice when cybercriminals employ tactics, techniques and procedures used by state adversaries”

Admiral Rogers’ comments, three days before WanaCry launched, were subsequently born out by the fact that WannaCry appears to have been a ‘perfect storm’ in terms of the malware attacks we’ve seen so far.

It was indeed ransomware, defined by its primary goal of extorting payment for the release of the victims encrypted files. However WannaCry also also had worm‘ like tendencies that enabled it to self-replicate across networks once one device had been infected. Normally ransomeware relies on phishing emails or illicit links on compromised web sites to trap its’ victims, not so with this particular incarnation.

In addition its’ code bore similarities to code previously used by Lazerous, a North Korean hacking group, suggesting that the attack may have been state sponsored (Who are the Bad Guys?)

So, ransomware, with self replicating capabilities and the resources of a nation state behind it. In the end it seems we were lucky that only 200,000 devices (that we know of) were infected.

Question is; How many will get hit next time?

About Welford Management & Consulting

Welford is a multi faceted technology consultancy providing advice, support and solutions for companies in a wide range of industries. We develop and execute strategies for our clients in three practice areas: Security & Compliance, Business Strategy & Support and Sales & Marketing  Automation. Our expertise comes from a team of individuals who focus on one area of our practice disciplines so that we can bring the necessary skills and experience to the business challenge or opportunity that you’re currently facing.

In the Security & Compliance practice we help assess your current level of risk related to the sensitive customer information that you may hold within your organization. This may be payment card information, personal health information or data on European citizens that fall under the requirements of the General Data Protection Regulation (GDPR) which becomes law on May 25th, 2018. We develop and execute strategies to address your data security requirements and support the implementation of the technologies and processes that help reduce the likelihood of you suffering a damaging and expensive data breach.

 

Set up your FREE risk assessment