Over the past weekend, ransomware WannaCry (or WannaCrypt) has been wreaking havoc on 230,000 computers (to date) in 150 countries around the globe, with a big part of the attack targeting UK computers, where several NHS hospitals were forced to turn patients away due to hacked computer systems.
The attack also attacked other governmental entities, as well as corporates like car manufacturer Nissan and global shipper FedEx , which raised worldwide concern about the vulnerability of our vehicles and aircrafts.
According to Eyal Wachsman, CEO of Israeli cyber-security startup Cymulate, WannaCry has been spreading extremely fast. Over the past 24 hours, his team has identified “hundreds of variations of this ransomware,” he tells NoCamels, and adds: “security updates are extremely important, and organizations that update their systems on a daily basis are less vulnerable.”
If you think your computer might have been infected, you may check its condition using Cymulate’s online tool. Developed in Israel, Cymulate Mail provides another layer of protection for emails, from which the majority of infectious links – like WannaCry – originate.
The company’s unique cyber-simulation platform assesses the security preparedness of its customers’ systems, and is continuously monitoring systems for vulnerabilities. Founded in 2016 by Wachsman and Avihai Ben-Yossef, Cymulate has so far raised $3 million from Susquehanna Growth Equity.
An unprecedented attack
This unprecedented cyber-attack has affected “multiple global organizations that are experiencing a large-scale ransomware attack which is utilizing SMB to propagate within their networks,” according to Israeli cyber-security giant Check Point. Server Message Block (SMB) is used for providing shared access to files and printers. The ransomware was spread by a link within an email (“phishing”) which started the infection chain.
According to Israel’s National Cyber Event Readiness Team, the WannaCry ransomware encrypts your files and demands $300-$600 to decrypt them. By clicking on the infected link, the worm shuts down access to computer files and demands ransom payments, as shown in this screenshot:
Lital Asher-Dotan, senior director of marketing at Israeli cyber-security firm Cybereason, says this widespread global ransomware attack is the result of NSA malware recently leaked by hacker group Shadow Brokers, which published several leaks containing some of the National Security Agency’s hacking tools. “Ransomware evolves, and new variants attack organizations and individuals every day,” she warns.
Founded in 2012 by Yossi Naar, Yonatan Amit and Lior Div, startup Cybereason has so far raised $89 million from investors, including Lockheed Martin, Spark Capital, SoftBank and CRV.
Veteran Israeli cyber-security firm Radware (NASDAQ: RDWR) already warned its clients a week ago about WannaCry. The company’s research unit regularly monitors online ransom attempts, and notified its clients last week when it identified the first attempts against a handful of organizations. In 2016, 49 percent of the cyber-attacks on organizations were caused by ransomware, according to Radware.
Radware is considered a global leader in cyber-security solutions for virtual, cloud and software-defined data centers. It offers its clients an emergency center that immediately detects and protects against cyber attacks.
Tools that detect and fight ransomware
To protect your computer against ransomware attacks, Cybereason offers a free tool, which was also recommended by Israel’s National Cyber Event Readiness Team (at the Office of the Prime Minister) in its recent advisory, released yesterday. After downloading Cybereason RansomeFree software, your computer will be protected against 99 percent of ransomware strains, including WannaCry, according to the company.
Avihai Ben-Yossef, Cymulate’s CTO, also advises users to download the most recent WannaCry security patch issued by Microsoft right after the attack.
Marketing executive Einat Meyron, who has worked in the cyber-security industry (for giant McAfee, COMSEC, and Fortinet Israel, to name a few) over the past 17 years, estimates that this past weekend’s attack is just the tip of the iceberg. “Clearly, this was a dormant worm that just waited to spread, and then infected hundreds of thousands of computers in a matter of hours,” she tells NoCamels. “We need to prepare for future attacks in order to prevent business and health crises.”
Photos: Wikimedia Commons, Pixabay