Cutting through the noise of the Wannacry Cyber Attack

17th May 2017

Friday’s cyber-attack on the NHS has been impossible to miss, although hospitals and NHS trusts weren’t the only ones affected: universities and large organisations such as FedEx, Telefónica, the Russian Department of the Interior, and Renault in France were also greatly impacted.

It was this insight from our client Anomali and their in-house information security Labs team that enabled us to gain traction within the media with a comment including yet-to-be-reported information.

The Labs team quickly confirmed that Wanna Decryptor, also known as WannaCry, WanaCry or WCRY, is an encryption-based ransomware that shuts users out of their systems and demands payment in order to decrypt their files. It was leveraging a recent Microsoft bug to spread laterally at a fast rate, and it was actually Spain and Russia that were being attacked on a larger scale. There was also evidence that payments were being made to Bitcoin wallets.

As a result, we had new information to take to media, as previous coverage had been focused on the NHS only, because they had publicly announced the disruption. This gave us the opportunity to cut through the noise and secure multiple pieces of national and technology media coverage, including The Independent, WIRED UK, The Daily Mirror, MSN, and The Sun, offering unique insight and practical advice.

At Atomic, we pride ourselves on our close client relationships and utilising real-time collaboration tools such as Slack to get fast, up-to-date information and approvals, to ensure we’re one of the first to contribute to the current news agenda. Although unfortunate for all those involved, it was a great opportunity to offer education on what was happening and what techniques organisations should be implementing in order to prevent this type of attack.

The overall impact of WannaCry is still being reported, but the latest statistics suggest that it has affected 150 countries with 200,000+ infections, while $50k in ransoms has been collected, a figure which is only set to grow.

Anomali’s recommendations include:

• Deploy the MS17-010 patch – notably Microsoft has even released patches for older operating systems such as Windows XP for this vulnerability
• Hide Windows systems behind firewalls and specifically prevent SMB access from the Internet
• Have good backups and business continuity plans
• Stay abreast of new variants of WannaCry or other related malware
• Share observables/indicators with sharing partners or intelligence providers
• Be able to dispel any misinformation that emerges by validating with actual intelligence and observations

Grayling Team