The vulnerability in the Microsoft Windows software - exploited by "WannaCrypt" - crippled computers across the world, with hackers demanding hundreds of dollars from the users for them to regain control over their data.
In what it said was a "highly unusual" step, Microsoft also agreed to provide the patch for older versions of Windows, including Windows XP and Windows Server 2003. The researcher discovered that the web address that WannaCry was searching for had not been registered. Sophisticated ransomware usually has an automated way to accept payments from its victims who want to unlock their computers. But catching ransomware attackers is generally much more hard - unless they slip up. In part, that's simply because of the logistical complications involved in paying ransom to unlock thousands of computers within the short time frame demanded by the hackers behind the WannaCry attack. The NHS, for example, was particularly vulnerable because of its heavy reliance on Windows XP, an operating system that is no longer supported by Microsoft.
"It has been reported that a new ransomware named as Wannacry is spreading widely". For example, the U.S.is fighting a war and the military needs to take down a power plant, and there are only two options: "to drop a bomb on it, or to use a cyberattack to temporarily disable it".
Choose a security or anti-virus solution that protects against ransomware, and keep it up to date. Furthermore, the risks of ransomware compound when organizations lose valuable data that has not been backed up and that can not be properly restored. Probably the most successful one ever was the fearsome Stuxnet worm, which did moderate damage to Iranian uranium enrichment facilities back in 2009.
User Vigilance and Training.
Never click on any suspicious, dubious or strange-looking link or attachment received via email. "Think about how antiquated that feels to us today", Smith says.
A researcher from Google posted on Twitter that an early version of WannaCrypt from February shared some of the same programming code as malicious software used by the Lazarus Group, the alleged North Korean government hackers behind the destructive attack on Sony Corp in 2014 and the theft of US$81 million from a Bangladesh central bank account at the New York Fed previous year. Indeed, this assessment should be commenced as soon as possible.
For those organizations having comprehensive security protocols in place, take this opportunity to conduct your regular re-assessments and threat analyses now.
"Really the lesson here is that for individuals, at least, if they didn't turn off the automatic update feature - so a Windows update in this case - they would've gotten the patch and they'd be fine", said Troy Hunt, a security trainer and a Microsoft regional director.
Ensure that the backups to your data are current and properly secured to enable their implementation when necessary.
Auto maker Nissan, which saw its systems being impacted globally, said the Renault-Nissan alliance plant in Chennai came under attack but its India team has responded and there is no major impact on business.