Cutting through the noise of the Wannacry Cyber Attack

17th May 2017

Friday’s cyber-attack on the NHS has been impossible to miss, although hospitals and NHS trusts weren’t the only ones affected. Universities and large organisations such as FedEx, Telefónica, the Russian Department of the Interior, and Renault in France were also greatly impacted.

It was this insight from our client Anomali and their in-house information security Labs team that enabled us to gain traction within the media with a comment including yet-to-be-reported information.

The Labs team quickly confirmed that Wanna Decryptor, also known as WannaCry, WanaCry or WCRY, is an encryption-based ransomware that shuts users out of their systems and demands payment in order to decrypt their files. It was leveraging a recent Microsoft bug to spread laterally at a fast rate, and it was actually Spain and Russia that were being attacked on a larger scale. There was also evidence that payments were being made to Bitcoin wallets.

As a result, we had new information to take to media, as previous coverage had focused on the NHS only, because it had publicly announced the disruption. This gave us the opportunity to cut through the noise and secure multiple pieces of national and technology media coverage, including The Independent, WIRED UK, The Daily Mirror, MSN, and The Sun, offering unique insight and practical advice.

At Atomic, we pride ourselves on our close client relationships and utilising real-time collaboration tools such as Slack to get fast, up-to-date information and approvals, to ensure we’re one of the first to contribute to the current news agenda. Although unfortunate for all those involved, it was a great opportunity to offer education on what was happening and what techniques organisations should be implementing in order to prevent this type of attack.

The overall impact of WannaCry is still being reported, but the latest statistics suggest that it has affected 150 countries with 200,000+ infections, while $50k in ransoms has been collected, a figure which is only set to grow.

Anomali’s recommendations include:

• Deploy the MS17-010 patch – notably Microsoft has even released patches for older operating systems such as Windows XP for this vulnerability
• Hide Windows systems behind firewalls and specifically prevent SMB access from the Internet
• Have good backups and business continuity plans
• Stay abreast of new variants of WannaCry or other related malware
• Share observables/indicators with sharing partners or intelligence providers
• Be able to dispel any misinformation that emerges by validating with actual intelligence and observations

Grayling Team
