I’d guess that the individuals behind cyber crimes often think of their actions as being a “victim-less” crime. "It’s only money", they think, as they are targeting large organizations with deep pockets. Often, their victims are covered by insurance anyway.
As it spreads across the world, WannaCry 2 (Wana Decrypt0r 2.0) has a mad, massive, impact. At the time of writing, it has been reported in 11 countries. Telefonica (the largest mobile phone operator in Spain) was reported as having 85% of machines infected and have instructed their employees to switch off their computers – effectively taking down the entire organization as the senior management try to protect what little data they have left.
The NHS (National Health Service) of the UK has likewise been broadly impacted – they have shut down systems, which means that they can’t take incoming phone calls. These are hospitals. Lives are literally at risk as a result of this heinous act of sabotage.
When we heard the news in 1E our first thought was of our customers – were any of them affected? Our very next thought was of ourselves – did we have any Wanna Cry 2 ransomware in our computers? We were able to answer the second question immediately. Our IT Department used Tachyon to search for .wncry extensions – we knew immediately (literally immediately) that our devices in India, the UK, Ireland, and the US were all clear.
Then we heard that one of our customers was indeed infected. Luckily they had Tachyon deployed across their endpoints. We were able to immediately identify how far it had spread and we could isolate those machines.
The next step was to remove the ransomware – which we did with Tachyon. Last but not least is the challenge of getting the encrypted files back without paying the criminals behind the attack $300 worth of bitcoin for each computer infected.
If you are concerned about active or potentially passive WannaCry 2.0 infections in your organization, please get in touch. We are here to help. And we can do it NOW.