What is WannaCry, and should you be worried?
On Friday, May 12, 2017, WannaCry—one of recent history's most damaging and widespread forms of ransomware—rapidly infected more than 230,000 computers in over 150 countries.1 WannaCry spreads from one PC to another by compromising an unpatched Microsoft® vulnerability in Windows® PCs—in many cases victims didn't even click or open anything. It comes with a countdown, and as time goes on ransom increases, and when time runs out it destroys your files. Many experts predict a more dangerous form of ransomware in the near future that could be worse than WannaCry.
Ransomware is essentially cyber extortion because it delivers malicious software that holds your files captive until a ransom is paid. It features an unbreakable encryption, leaving you at the cybercriminal's mercy to unlock the files. At first, you might not even notice you are under attack. In fact, one in 10 U.S. businesses can take up to a year to discover that a breach has occurred.2 You notice when you try accessing a file and an alert message pops up demanding a ransom to be paid in bitcoins, the currency of choice due to its anonymous nature. Some victims pay the ransom out of desperation, and if “luck” is on their side a decryption key is granted. The FBI does not recommend cooperating with cybercriminals because there are no guarantees. There is no effective law enforcement against ransomware attacks, and it is virtually impossible to apprehend cybercriminals.
How can you become a victim?
It's much easier than you think to be victimized. The majority of the time, cybercriminals can gain entry into your system by sending spear phishing emails with infected links or attachments that appear harmless. Once an employee clicks the link or downloads the attachment, it spreads like wildfire locking and encrypting the files on their PC. It doesn't stop there, the malicious software quickly finds its way into your network—potentially bringing your business to a halt. But email isn't the only culprit, intrusions can come from a website or web application, social media, USB stick, business application or from an unknown source. 3