Hackers are constantly refining their tactics, identifying new ways to extract money from the businesses and individuals they target. Just a few years ago, the primary method was phishing attacks that infected the computers of online banking clients, who were enticed to download malware by clicking on links in e-mails. After the targets’ computers were infected, the attackers monitored users’ transactions, either stealing their data to authorise fraudulent transactions or using social engineering techniques to trick unwitting clients into transferring money to the fraudsters’ accounts.
“Attackers today are increasingly using new methods to extract money, which are based on extortion. For several years we have observed growth in the threat from ransomware. After being installed on a computer, this software encrypts files and demands that the user pay a fee in exchange for decryption.”
If the fee isn’t paid, the user loses access to the data, or it is made public, exposing the user and their organisation to reputational risk.
In the case of large enterprises, user and production data is often backed up, so the data encrypted by ransomware can be recovered. But while this may appear to make enterprises resistant to this type of threat, that’s not always the case.
“Recovering data once it’s been encrypted by ransomware is only half the battle. The company’s reputation is also important, and it can be damaged if the stolen information is leaked, or if information about the incident is revealed. Additionally, the attackers may install other malware components allowing remote access to the infected IT infrastructure, not to mention the costs of business interruption due to the infection, or the need to isolate systems to resolve the problem and reduce the threat.”
How does the WannaCryptor (WannaCry) ransomware work?
The wave of infections by the WannaCry ransomware has been building since Friday 12 May. Many large international companies have been affected by the attack.
As in the majority of such cases, computers can be infected by e-mails encouraging users to open attachments, but this attack is distinguished by the self-propagation mechanism built into the malware, which allows the infection to spread from a single computer to others in its IT environment. The malware uses a known vulnerability in Windows that was patched by Microsoft in its MS17-010 update in March. Unfortunately, software updates and patch installations take a lot of time in large IT environments, leaving many computers vulnerable. Additionally, computers with vulnerable Windows systems can be infected by connecting to public Wi-Fi networks where other computers are infected. The malware can update itself automatically, installing further versions that avoid standard detection methods in anti-virus systems.
The basic rule in this kind of case (if there is no threat to human life) is not to enter into a dialogue with the attackers, and not to pay any ransom.
To limit the threat of infection and the operation of the WannaCry malware, it’s important to consider the following actions:
©2017 PricewaterhouseCoopers. All rights reserved