May 22, 2017

May 22, 2017

Subscribe to Latest Legal News and Analysis

May 19, 2017

Subscribe to Latest Legal News and Analysis

Wanna Cry?: Global Ransomware Attack

Some tears are undoubtedly being shed as what is likely the single largest cyberattack of 2017 makes its way around the world, paralyzing computer systems and businesses. The WannaCry ransomware attack is believed to have begun either with phishing emails containing malicious links or documents containing the virus. The attack targets computers that did not patch a vulnerability in Windows 10, Windows 7, Windows XP, and Windows servers. Once those corrupted emails or files are opened, not only does the virus encrypt files from a long list of file types, but it also scans the networks connected to that computer in search of similar vulnerabilities so that it can spread to other file systems and computers, and eventually hold entire file systems hostage. The organization’s files will remain encrypted unless it pays ransomware in bitcoin ranging from $300 to $600.

Once it’s in, WannaCry ransomware begins its insidious work by anonymizing communications with the attacker’s servers (hiding their names and locations). By making these communications anonymous, the criminals hide their attack and prevent the victim from intercepting keys that would unlock the data or bitcoin payment a victim might send. WannaCry uses a number of executable files to carry out different parts of the infection, which, in essence, scrambles the data into a new unusable format. The virus can read and encrypt 160 different file types. You will know that you are a victim if your files retain their names but have a .wcry or .wncry extension (as opposed to, for example, .docx or .vsdx). If that isn’t bad enough, WannaCry deletes all original files using files with these names: WMIC.exe, vssadmin.exe and cmd.exe. If the WannaCry virus has not yet been deployed in your organization, check to see if any of these files are on your system, and delete them to avoid inadvertently launching the virus.

Even if your organization does not currently believe that it has been affected by this virus, it should back up important files and install the latest Microsoft patches across its entire infrastructure where the Windows OS is used. Microsoft has issued an emergency patch, and since this virus can impact Windows 10, 7, XP, and servers, the entire infrastructure should be protected. This is especially important because the malware scans the entire local area network, then begins propagating the viral code to accessible external IP addresses.

The following are some best practices to protect against malware threats:

  • Keep all software up-to-date, including all security updates and patches.

  • Do not open or click on any emails from unrecognized senders.

  • Back up files regularly on systems that are not connected to your main system.

  • Make certain all files uploaded to a system from any source are virus scanned with software that detects the virus.

  • Remove plugins and add-ons to browsers that are not certified to be virus free, and keep other plug-ins up to date, such as Adobe Flash Player, Adobe Reader, Java, etc.

  • Keep all employees informed of their roles in abiding by your organization’s best practices.

© MICHAEL BEST & FRIEDRICH LLP

TRENDING LEGAL ANALYSIS


About this Author

Adrienne Ehrhardt, Michael Best Law Firm, Corporate and Transactional Attorney
Partner

Known for giving practical and actionable legal advice, Adrienne counsels clients on the many complex aspects of privacy and data management matters.

Her extensive background includes experience with issues relating to the Gramm-Leach-Bliley Act (GLBA), Fair Credit Reporting Act (FCRA), and the Telephone Consumer Protection Act (TCPA), as well as privacy programs and cyber security issues.

Prior to joining Michael Best, Adrienne served as the in-house lead attorney in privacy and data protection at CUNA Mutual...

608-283-0131
Joel Henry, Michael Best Law Firm, Intellectual Property Attorney
Managing Partner

Joel counsels start-up and growth phase companies regarding the development and protection of their intellectual property. With his background as a computer scientist, Joel is uniquely situated to provide strategic counsel in the intersecting realms of law and technology.

With their business goals and long-term growth in mind, Joel utilizes his deep understanding of technology to guide start-ups and clients with respect to business formation, contracts, and intellectual property, including patents, trademarks, trade secrets, and licensing. He is particularly experienced with the legalities involved with cutting edge technologies such as drones, data gathering and mining, and data privacy and security.

406-218-2282