Published on May 15th, 2017 | by admin
Symantec commentary on global ransomware outbreak, WannaCry
Last Friday, a new strain of the Ransom.CryptXXX (WannaCry) strain of Ransomware began spreading, widely impacting a large number of organisations across the globe.
Symantec’s assessment of the issue can be found here: https://www.symantec.com/connect/blogs/what-you-need-know-about-wannacry-ransomware
Please also find below local commentary from Nick Savvides, Symantec Security Expert:
“This attack starts off as a regular ransomware attack, with emails sent to users tricking them to open the attached malware file which infects their computers. What is different about this attack though, is rather just infect encrypt the contents on the computer it is run on, it can automatically spread to other computers on the same network encrypting their files as well all without any human intervention.”
“Ransomware is a major problem in Australia, and this attack is no different. This is not a targeted attack, which means many people will receive the malicious emails. Symantec and Norton protect millions of users in Australia and the telemetry has shown that Australians have been targeted with most attacks being blocked. According to Symantec’s latest Internet Threat Security Report (ISTR), Australia was third highest country in APJ at risk of ransomware, and 11th in the world.”
“Ransomware doesn’t discriminate and affects home and business users. Typically, home users are more likely to pay ransoms as their data tends to be stored on one or two computers. While businesses have backups and many computers, unfortunately in this instance it may not be enough as the ransomware can rapidly spread to those systems. Symantec and Norton customers are protected against WannaCry using a combination of technologies.”
Best practices for protecting against ransomware:
- Always keep your security software up to date to protect yourself against ransomware, as new variants appear on a regular basis.
- Keep your operating system and other software updated. Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers.
- Email is one of the main infection methods. Be wary of unexpected emails especially if they contain links and/or attachments.
- Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
- Backing up important data is the single most effective way of combating ransomware infection. Attackers have leverage over their victims by encrypting valuable files and leaving them inaccessible. If the victim has backup copies, they can restore their files once the infection has been cleaned up. However organizations should ensure that back-ups are appropriately protected or stored off-line so that attackers can’t delete them.
- Using cloud services could help mitigate ransomware infection, since many retain previous versions of files, allowing you to “roll back” to the unencrypted form.
Ransomware stats from the latest Symantec Internet Security Threat Report:
- The average ransom per victim grew to $1,077 in 2016, up from $294 in 2015 (266% increase).
- Ransomware attacks grew to 463,841 in 2016, up from 340,665 attacks in 2015 (36% increase).
- More than 70 percent of malware attacks on the healthcare industry were ransomware in 2016, including hospitals, pharmacies and insurance agencies.
- 1 in 131 emails contained a malicious link or attachment in 2016 – the highest rate in five years.
- There was a two-fold increase in attempted attacks against IoT devices over the course of 2016 and, at times of peak activity, the average device was attacked once every two minutes.