May 19, 2017

Ransomware Attack – Quick Facts

UPDATE:  Europol chief Rob Wainwright told the BBC, “Companies need to make sure they have updated their systems and ‘patched where they should’ before staff arrives for work on Monday morning.”

By now, you may have heard about the global ransomware attacks affecting health care and other organizations throughout the world, in particular in the United Kingdom, but also in the United States. The ransomware variant, called “Wanna Decryption” or “WannaCry,” works like any other ransomware: once it is inadvertently installed, it locks up the organization’s data until a ransom is paid. Here are some quick facts about the WannaCry attack and suggestions for avoiding it.

How does ransomware get onto a system generally? 

Ransomware installs on a victim’s computer when a user clicks on a malicious link in a “phishing” email (an email designed to trick the user into thinking that it is from a known or legitimate source). Ransomware can also be downloaded through infected file attachments or by visiting a malicious website. WannaCry appears to be delivered through links in phishing emails. You can read more about ransomware generally here, here and here.

How does WannaCry work? 

WannaCry affects systems that are behind in their Windows patching. There is already a patch for the vulnerability exploited by WannaCry (see the US-CERT article on the Microsoft SMBv1 vulnerability and Microsoft Security Bulletin MS17-010).

Is any system particularly vulnerable? 

Because Windows Server 2003 or older, and Windows XP or older on the desktop, have been discontinued by Microsoft and are unsupported, these systems are particularly vulnerable. In response, Microsoft has TODAY released emergency security patches to defend against the malware for these unsupported versions of Windows, such as XP and Server 2003.   Everyone should be actively checking systems and updating.

What are immediate steps for an organization that is attacked?

An organization that is attacked should immediately isolate the affected systems and networks to avoid the spread of the malware and contact law enforcement.

How can a WannaCry victim regain access to data?  

Once WannaCry or other ransomware installs and locks up a victim’s data, the only alternatives are: 1) restore data from clean backup systems; or 2) pay the ransom.

How can WannaCry and other types of ransomware be avoided? 

  • A comprehensive and continually updated security risk assessment

    • A security risk assessment that doesn’t address ransomware is out of date

  • Workforce training on ransomware – make sure that the workforce understands the importance of avoiding suspicious email messages, links and attachments

  • Workforce testing on ransomware – send suspect phishing emails and see how many click on the suspicious links.

  • Maintain comprehensive data backup systems – make sure that they are easily accessible in the event of an emergency (practice accessing them in a non-emergency)!

We will provide further information on the WannaCry attack as it becomes available.

©1994-2017 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.


About this Author

Dianne Borque
Of Counsel

Dianne advises a variety of health care clients on a broad range of issues, including licensure, regulatory, contractual, and risk management matters, and patient care. A large part of her practice involves counseling researchers and research sponsors in matters related to FDA and OHRP regulated clinical research, including patient consent, access to and use of tissue and associated patient information, and the Institutional Review Board process.

She also counsels health care clients and other business entities on the requirements of the HIPAA Privacy Rule and Security Standards,...

(617) 348-1614

Cynthia Larose
Member

Cynthia is Chair of the firm’s Privacy & Security Practice and a Certified Information Privacy Professional (CIPP).  She represents companies in information, communications, and technology, including e-commerce and other electronic transactions. She counsels clients through all stages of the “corporate lifecycle,” from start-ups through mid- and later-stage financings to IPO, and has broad experience in technology and business law, including online contracting issues, licensing, domain name issues, software development, and complex outsourcing transactions.

Cynthia has extensive experience in privacy, data security, and information management matters, including state, federal, and international laws and regulations on the use and transfer of information, behavioral advertising, data security breach compliance and incident response, data breach incident response planning, as well as data transfers in the context of mergers and acquisitions and technology transactions.

617-348-1732