WannaCry Ransomware Strikes. Now What?

May 17, 2017 by Ideal Business Partners

If your network hasn't been frozen over by the WannaCry payload, you're one step ahead of the United Kingdom's National Health Service.

On May 12, the most widespread ransomware attack we've ever seen started infecting computers in Asia. By May 14, the attack had spread to more than 150 countries, hammering businesses, governments and healthcare networks, including the NHS.

The British healthcare system was forced to postpone surgeries and divert patients from seven hospitals to other facilities, as workers scrambled to access patient records on computers that had been compromised. Up to 70,000 devices operated by the NHS could have been affected, including MRI scanners and blood-storage units. If you were looking for a dramatic downside to the digital revolution, especially in the healthcare arena, this is it.

As of May 16, at least two hospitals were still down for the count, but they didn't have to be. All of this damage was preventable. The attack mainly targeted computers that ran Windows 7 or older versions of the operating system. Microsoft was aware of the security flaw in the older systems and issued a patch to address it in March this year. WannaCry exploits that vulnerability.

"Apple or Microsoft regularly send updates out. Unless these updates are marked as 'critical or urgent,' people will let them sit and fester for weeks before they get around to installing it," Ideal Business Partners' Malvika Rawal said. "Install updates right away, or at least turn auto-updates on, and it will do it by itself. In addition, install antivirus protection and firewalls for sure. Apart from that, make sure that all the systems are regularly updated."

Ransomware like WannaCry spreads like most other viruses, through phishing e-mails or across compromised networks. When it gets hold of your system, it encrypts your files and keeps them locked unless you pay the ransom (in this case, $300 in bitcoin). If you don't pay up in three days, the ransom doubles. If you don't do it in seven, your files are permanently locked. So much for mulling the situation over.

In the United States, the effects of WannaCry have been limited so far, but that doesn't mean it can't make its way here in some capacity. Universities in the rest of the world have been particularly vulnerable, with many people relying on those institutions for major healthcare needs. They pose a bigger risk than an NHS-style attack to Medicaid and Medicare. Meanwhile, hackers continue to adjust the payload in response to security professionals' countermeasures.

"I don't know why people are complacent, but they are, about the way the U.S. 'protected itself,' but it's a very false sense of complacency," Rawal said. "We need to mobilize people to understand that while the ask was small, the price to pay will be much larger. If a private practitioner's office gets hit, and the ask is small (like $300), most doctors will pay."

It may seem like an annoyance, but ransomware infections open healthcare practice owners to HIPAA violations, big, fat fines, and reputational damage.

"In the letter of the law, if there's a breach and you are not compliant, i.e. you don't have the mitigating factors in place, if you don't have backups, if you don't have encryption, you will be fined," Rawal said. "If you do have the backup, the dollar amount you will have to pay will be lower. It's right there in the Code of Federal Regulations. If your computer got encrypted and you were completely locked out, but you had a backup, you are at least not turning patients away from care. That's what happened in the U.K. If they had backups, they wouldn't have had to do that."

Once you've backed up all your information, got your operating system up to date with all the most recent patches, and you've got your firewall in place, make sure you're avoiding sketchy e-mail attachments from people you don't know. If something does happen, disconnect your machine from your network immediately, by either pulling the Ethernet cable or killing the Wi-Fi. You don't want one outbreak monkey getting the whole city sick.