/ Insights / Cutting through the noise of the Wannacry Cyber Attack

Free thinking from Grayling people

Cutting through the noise of the Wannacry Cyber Attack

17th May 2017

Friday’s cyber-attack on the NHS has been impossible to miss. Although hospitals and NHS trusts weren’t the only ones affected. Universities and large organisations such as FedEx, Telefónica, the Russian Department of the Interior, and Renault in France were also greatly impacted.

It was this insight from our client Anomali and their in-house information security Labs team that enabled us to gain traction within the media with a comment including yet to be reported information.

The Labs team quickly confirmed that Wanna Decryptor, also known as WannaCry, WanaCry or WCRY, is an encryption-based ransomware that shuts users out of their systems and demands payment in order to decrypt their files. It was leveraging a recent Microsoft bug to spread laterally at a fast rate and it was actually Spain and Russia that were being attacked on a larger scale. Additionally there was also evidence that payments were being made to Bitcoin wallets.

As a result, we had new information to take to media, as previous coverage had been focused on the NHS only, because they had publically announced the disruption. This gave us the opportunity to cut through the noise and secured multiple pieces of national and technology media coverage, including The Independent, WIRED UK, The Daily Mirror, MSN, and The Sun, offering unique insight and practical advice.

At Atomic, we pride ourselves on our close client relationships and utilising real-time collaboration tools such as Slack to get fast, up-to-date information and approvals, to ensure we’re one of the first to contribute to the current news agenda. Although unfortunate for all those involved, it was a great opportunity to offer education on what was happening and what techniques organisations should be implementing in order to prevent this type of attack.

The overall impact of WannaCry is still being reported but the latest statistics suggest that it’s effected 150 countries with 200,000+ infections. While $50k in ransoms have been collected, which is only set to grow.
Anomali’s recommendations include:

• Deploy the MS17-010 patch – notably Microsoft has even released patches for older operating systems such as Windows XP for this vulnerability
• Hide Windows systems behind firewalls and specifically prevent SMB access from the Internet
• Have good backups and business continuity plans
• Stay abreast of new variants of WannaCry or other related malware
• Share observables/indicators with sharing partners or intelligence providers
• Be able to dispel any misinformation that emerges by validating with actual intelligence and observations

Grayling Team

Latest Insights

19th July 2017

Why Mad Men is essential viewing for PRs

Kevan Barber, Account Manager with Atomic, the consumer and tech division of Grayling looks to how Mad Men and the era which it depitcts remains relevant today. This blog is about more than just Mad...

Read More

14th July 2017

The Great Repeal Bill: an administrative headache in the making

Yesterday, the Government published its long-awaited – but no longer Great – Repeal Bill. Formally titled the European Union (Withdrawal) Bill, the Bill begins the process of repealing and...

Read More

12th July 2017

Understanding the Basics of Influencer Marketing

Naddy Onions, Grayling’s Head of UK Digital, shares her insights on influencer marketing and how to get it right.Research:It is critical to thoroughly research prospective influencers before you...

Read More