So you clicked on that attachment in an email asking you to review an important document, only to realise it wasn't sent by a colleague but by a hacker masquerading as someone you know. No big deal, you can just close the document, delete the email, have a cup of tea and forget the whole thing ever happened, right?
Well, you could be that lucky. Or, by opening that attachment, you could have invited malware into your machine that is now busy embedding itself in your system and multiplying rapidly, copying itself onto other systems on the network. It won’t take long for the entire office to become someone’s botnet, an army of infected machines unwillingly participating in a DDoS attack or phishing scam. You may not even notice anything is happening. Besides, your antivirus hasn’t popped up warning you of any problems, and you deleted the email as soon as you realised it wasn’t legitimate, didn’t you? Did you tell your IT department? I bet you didn’t.
This is just one example of the many cyber attacks that happen around the globe on a daily basis. It may seem like a fairly small-scale attack with relatively minor consequences, but it could be so much worse.
Just over a year ago the world was hit by WannaCry, a ransomware cryptoworm that used a vulnerability in unpatched Microsoft Windows systems to spread through over 100 countries and infect tens of thousands of systems. Once infected, systems would have their files encrypted and display a ransom notice demanding between $300 and $600 in bitcoin. Unlike the above example, this was a targeted attack, now believed to have been carried out by the North Korea-associated group Lazarus.
Within a matter of hours, the ransomware had successfully infected and spread through the NHS network and rendered all infected systems unusable. This wasn’t just the back-office PCs used for data entry and patient records; GPS equipment, MRI scanners, theatre equipment, blood storage refrigerators and devices for testing tissue samples were also affected. IT support teams nationwide went into crisis control as the situation worsened.
Ambulances had to be diverted, some hospitals had to turn away non-critical emergencies, and GP surgeries were closed, all as a direct result of this attack.
NHS England identified over 6,000 appointments (including operations) that had to be cancelled as a direct result of the ransomware. Globally, this was the tip of the iceberg: factories, banks, telecoms and logistics providers, and car manufacturers all had to stop production due to infected systems.
The spread was significantly stunted when a ‘Kill Switch’ was found by Marcus Hutchins (known online as MalwareTech). Before beginning the encryption process, the malware payload would check whether a certain URL existed; if the URL existed, the malware would stop. Once this was found, the domain was registered, and all traffic was pointed to a ‘honeypot’ server so that further analysis could be done on the malware.
The effects of the attack are still being felt even now. In Australia, the Victorian government has just announced it will overhaul the network of speed and red-light cameras after an investigation into the outbreak of WannaCry.
Whether large or small, the fallout from a cyber attack can have devastating consequences for your business. However, with the right IT training, user awareness and fully patched systems, you can significantly reduce the risk.
Below is a heat map of just how fast WannaCry spread throughout the globe. Have a look and see for yourself just how devastating this attack was.
Malwarebytes WannaCry heat map
Malware attacks are just one of the ways your business is in danger. Get in touch with us at AAG-IT and let us review your IT security systems so that you can be sure your data backup is prepared for a worst-case scenario and you are not at risk of losing everything to ransomware.