May 12, 2017

Executive Summary

The WannaCry malware attack that started in the UK on May 12 has reportedly spread to more than 70 countries, including the US, Italy, China, and Russia. The attack exploits a Microsoft Windows vulnerability dubbed 'EternalBlue' (MS17-010) that was recently leaked to the public by the Shadow Brokers hacker group. The vulnerability allows the malware to encrypt files, folders, and drives, rendering them unusable. The malware also produces a message demanding a ransom payment in bitcoin in exchange for a decryption key.

Key Judgments

  • Hackers have been able to access computer networks through phishing attempts using emails and infected attachments. Multiple reports suggest that most of the WannaCry attacks have featured infected .zip files. 
  • The short-term ramifications of the attack are currently unclear; individual organizations could temporarily shut down network access to prevent infection while their systems are patched. 
  • Widespread, preventative network shutdowns could temporarily affect email, file transfers, and other business-critical functions.  

UK Initially Targeted

The ransomware cyberattack began affecting National Health Service (NHS) IT infrastructure at multiple hospitals in England on the afternoon of May 12, preventing medical personnel from accessing computer systems responsible for patient records and other associated data. Authorities said at least 16 NHS organizations had been affected, including hospitals and trusts in London, Blackburn, Hertfordshire, Nottingham, Cumbria, and Warwickshire. East and North Hertfordshire NHS Trust said their phone systems had also malfunctioned. Health officials in Scotland announced that IT infrastructure at facilities in Dumfries and Galloway had also been affected.

Officials advised the public to only seek medical care for urgent conditions until the situation was resolved. The cyberattack caused significant disruptions to service at public health facilities; some affected facilities shut down their computer systems. Patients were relocated to medical facilities unaffected by the cyberattack. Authorities implemented contingency plans to deal with the IT outage. Government officials did not provide a time frame for the normalization of services.

Mitigation Strategies

Organizations and individuals worldwide should observe the following strict cybersecurity precautions:

  • Do not open email attachments from unfamiliar or untrustworthy sources.
  • If possible, temporarily refrain from sending attachments.
  • Immediately report any suspicious communications or activity to corporate information security departments.

Ensure that computers and mobile devices are running the latest available operating system and have the latest security patches installed. Update security software on all devices, especially before remotely accessing corporate networks.

This Special Report is copyrighted material of WorldAware, Inc. and shall not be reproduced or redistributed in any form without express written consent of WorldAware. WorldAware, Travel Intelligence and Worldcue are registered trademarks of WorldAware. All rights reserved. © 2017 WorldAware, Inc.
