WannaCry is back: ransomware hits Connecticut state agencies

Infamous WannaCry ransomware virus attacked 12 Connecticut state agencies

WannaCry ransomware^[1] was huge last year. It launched a massive cyber attack that caused chaos in 150 countries were home computer users, companies, organizations, and infrastructures got infected with file-encrypting malware. However, hackers are not going to stop this year: 12 Connecticut state agencies suffered from cyber attack this month.

Connecticut’s Department of Administrative Services (DAS)^[2] reports that 160 computers at 12 state agencies were infected with WannaCry ransomware on February 23. However, the names of the agencies and the damage are not revealed.

The DAS Chief Information Officer Mark Raymond tells that malware did not cause major damage:

We have no reports of files being encrypted or any data loss.

According to the latest information, IT specialists needed a couple of days to recover after ransomware attack. Currently, is unknown how WannaCry managed to launch the attack.

WannaCry used Windows vulnerabilities to infiltrate computers and networks

Authors of WannaCry took advantage of the leaked EternalBlue exploit kit.^[3] Hacker group Shadow Brokers stole it from the US National Security Agency (NSA) and posted online. There’s no surprise that criminals adopted it for their needs.

The exploit targets the vulnerability in Microsoft’s implementation of Server Message Block (SMB) protocol (CVE-2017-1045). The flaw existed in Windows XP, Windows 7, Windows Server 2003 and other old versions of the operating system.

However, Microsoft offered patches immediately. The company even provided updates for unsupported versions of Windows due to the attack range. The majority of victims were using Windows 7.^[4]

Unfortunately, many companies and organizations did not pay attention to the necessity to install patches or upgrade to Windows 10 to avoid ransomware attack. However, authors of WannaCry showed that they are not gone. Hence, paying attention to security is needed.

Companies and organizations should strengthen cyber security

WannaCry is one of many ransomware-type cyber threats that are lurking on the Internet. Developers of malware shifted their target focus towards companies and organizations instead of home computer users.

The cyber attack against businesses or public sector can be damaging. Companies might even bankrupt if their important file will be encrypted and decryption key offered by criminals are too expensive. Additionally, never-ending attacks on hospitals put people lives at risk.

Organizations (and home computer users too!) should follow these tips to avoid ransomware viruses:

• Upgrade to the latest version of operating system. In case of WannaCry attack, Windows 10 users were not infected.
• Install patches and security updates, especially MS17-010^[5] which fixes SMB vulnerability.
• Keep all your programs updated. Outdated software usually has vulnerabilities that can be exploited by malicious programs.
• Install a reliable antivirus program.
• Enable Firewall.
• Do not open spam emails and suspicious attachments. Many ransomware-type viruses spread via malspam instead of using exploit kits. Hence, opening an obfuscated attachment might lead to data loss.
• Create backups. Criminals become better and better and hacking computers. Therefore, you have to be prepared for the worst and create backups of the important files. You can save them in the cloud storage or external hard drive.