WannaCry

 Ransomware

WannaCry is ransomware that affected tens of thousands of companies in over 100 countries, targeting the Windows operating system.On May 12, 2017, a massive WannaCry attack hit organizations around the world through phishing emails, then worming their way onto unpatched computers. Once a PC is infected by the ransomware, WannaCry encrypts the data on the machine and demands $300 in Bitcoin to unlock it. According to the BBC, victims included England's National Healthcare System, as well as the telecom giant Telefonica.The Hacker News reports that the attack was carried out using EternalBlue, "an SMBv1 (Server Message Block 1.0) exploit that could cause older versions of Windows to execute code remotely." EternalBlue, which is rumored to have been a cyber weapon developed by the U.S. National Security Agency (NSA), was made public by a hacker group called the Shadow Brokers in early April 2017. A month earlier, Microsoft released a security update to address the issue for newer OSes. After the initial WannaCry attacks, Microsoft also quickly and unexpectedly released patches for the end of support OSes, Windows XP and Windows Server 2003.The Hacker News states that affected systems include "almost all versions of Windows, from Windows 2000 and XP to Windows 7 and 8, and their server-side variants such as Server 2000, 2003, 2008, 2008 R2 and 2012, except Windows 10 and Windows Server 2016." Organizations can protect themselves against ransomware like WannaCry by making sure to apply Microsoft Windows patches that protect against the known SMB vulnerability, training users to spot suspicious phishing emails, and having up-to-date backups of critical data. Is your organization prepared for ransomware attacks? For a list of steps IT departments can take to keep companies safe, check out this guide on how to defend against WannaCry.