The events of last Friday and the weekend have shown that cryptoware can wreak havoc. Ensuring that staff are properly trained is crucial.

Paul Glass

Cyber security has been in all the headlines around the world this weekend and it will continue to be so for some time as businesses brace for further attacks this week.

On Friday, computers across 150 countries were infected in the first wave of the WannaCry cyber attack, which uses a category of malware known as ransomware. Once infected, a target’s computer has its files encrypted and the user then gets a ransom demand.

But, what if the WannaCry malware escalates to more than just a ransom demand to decrypt your files? Some “cryptoware” malware not only encrypts data on a computer, but also downloads a copy (to be restored if the ransom is paid) and threatens to delete the version on the infected computer (and servers) if the ransom is not paid.

Data is a key asset of most businesses, whether it is commercially sensitive information, intellectual property, personal data or big datasets. Almost all of that data is now held in electronic format, and new data is being created at exponentially greater rates than ever before. Large infrastructure projects are planned out using BIM and other digital systems, so a cyber attack could bring a project to a halt.

With the increasing interconnectedness of networks and devices, the sophistication of businesses, the way that data is managed and transferred, and the sophistication of attackers, data breach is an inevitability, not a possibility.

The events of last Friday and the weekend have shown that while cryptoware has been around for a while, new variants have the ability to wreak havoc. Businesses that manage a cyber attack well are those that prepare properly in advance. This process starts earlier than breach preparation. Taking steps to identify and protect the right data, and understand the potential risks attaching to that data, is crucial.

Ensuring that staff are properly trained and educated is crucial. Cryptoware such as WannaCry usually spreads between networks by individuals clicking on infected links or opening an infected attachment (although there appear to be doubts emerging as to whether this is in fact how WannaCry has spread). Training staff to be able to identify potentially dangerous emails, and providing them with a quick and easy way to report such emails to IT, is an essential part of any business’ cyber defence. Businesses must also make sure they are up to date with software patches. Microsoft released a patch in March 2017 that closed the vulnerability WannaCry exploited, but many businesses were still running unpatched systems or operating systems that are no longer supported.

WannaCry has had a serious effect on many businesses and services globally, albeit without (so far) any loss of personal data. If a breach does involve the loss of personal data, the legal and regulatory consequences can be severe. In May 2018 the General Data Protection Regulation (GDPR) comes into effect, and with it fines of up to €20m or 4% of annual turnover, whichever is higher, for organisations that fail to take appropriate technical and organisational measures to prevent unlawful processing of personal data.

WannaCry is the largest global cryptoware attack to date, and while it has caused severe disruption to many businesses, it has also been relatively quickly dealt with. The next version will be more advanced, and will likely be more difficult to decrypt. Preparing properly is key to not falling victim to cyber attacks.

Paul Glass specialises in cyber security and is a partner at international law firm Taylor Wessing
