/ Insights / Cutting through the noise of the Wannacry Cyber Attack

Free thinking from Grayling people

Cutting through the noise of the Wannacry Cyber Attack

17th May 2017

Friday’s cyber-attack on the NHS has been impossible to miss. Although hospitals and NHS trusts weren’t the only ones affected. Universities and large organisations such as FedEx, Telefónica, the Russian Department of the Interior, and Renault in France were also greatly impacted.

It was this insight from our client Anomali and their in-house information security Labs team that enabled us to gain traction within the media with a comment including yet to be reported information.

The Labs team quickly confirmed that Wanna Decryptor, also known as WannaCry, WanaCry or WCRY, is an encryption-based ransomware that shuts users out of their systems and demands payment in order to decrypt their files. It was leveraging a recent Microsoft bug to spread laterally at a fast rate and it was actually Spain and Russia that were being attacked on a larger scale. Additionally there was also evidence that payments were being made to Bitcoin wallets.

As a result, we had new information to take to media, as previous coverage had been focused on the NHS only, because they had publically announced the disruption. This gave us the opportunity to cut through the noise and secured multiple pieces of national and technology media coverage, including The Independent, WIRED UK, The Daily Mirror, MSN, and The Sun, offering unique insight and practical advice.

At Atomic, we pride ourselves on our close client relationships and utilising real-time collaboration tools such as Slack to get fast, up-to-date information and approvals, to ensure we’re one of the first to contribute to the current news agenda. Although unfortunate for all those involved, it was a great opportunity to offer education on what was happening and what techniques organisations should be implementing in order to prevent this type of attack.

The overall impact of WannaCry is still being reported but the latest statistics suggest that it’s effected 150 countries with 200,000+ infections. While $50k in ransoms have been collected, which is only set to grow.
Anomali’s recommendations include:

• Deploy the MS17-010 patch – notably Microsoft has even released patches for older operating systems such as Windows XP for this vulnerability
• Hide Windows systems behind firewalls and specifically prevent SMB access from the Internet
• Have good backups and business continuity plans
• Stay abreast of new variants of WannaCry or other related malware
• Share observables/indicators with sharing partners or intelligence providers
• Be able to dispel any misinformation that emerges by validating with actual intelligence and observations

Grayling Team

Latest Insights

14th September 2017

Did “Mayism” survive the election? The future of public sector pay could provide the answer

In an uncomfortable ten-minute interview on Radio 4’s Today programme this week, Shadow Justice Minister, Richard Burgon, refused no less than five times to clarify Labour’s position on supporting...

Read More

7th September 2017

Silly Season is over; it’s back to business

The past 18 months of British politics have been conducted at a pace, and with a fluidity, not seen since the 1970s. Careers have been made and broken. The future of the country and the outlook for...

Read More

5th September 2017

‘Confidence and supply’: an insight into the DUP’s role in a minority government

‘Confidence and supply’: an insight into the DUP’s role in a minority governmentA breakfast panel discussion with DUP MP for East Belfast, Gavin Robinsonand DUP Head of Policy & Campaigns, Cllr...

Read More