• United States



Wanna stop WannaCrypt? Don’t pay ransoms, backup data, and train employees

May 15, 20174 mins
Backup and RecoveryCyberattacksCybercrime

Top 3 things for CISOs and IT security teams to do in response to the WannaCry ransomware outbreak

three check marks blackboard list
Credit: Thinkstock

Got hit by WannaCry or worried that your organization will be?

It goes without saying (hopefully!) that by now all IT organizations have read Microsoft’s customer guidance for Wannacrypt attacks, and they will immediately deploy Microsoft Security Bulletin MS17-010.

Beyond that patching, here are the top three pieces of advice for IT security pros and anyone concerned with WannaCry or any ransomware strain to heed:

Don’t pay

To pay a ransom, or not to pay… that is the question. The answer is clear. Don’t pay.

Mimecast, a leading email security firm, offers this advice in a blog they posted on WannaCry: “We advise organizations never to succumb to the pressure to pay the ransom to regain access to their applications and data. There is no guarantee this will unlock files and further motivates and finances attackers to expand their ransomware campaigns.”

That would be the popular opinion among cybersecurity experts, including those focused in the healthcare space where WannaCry is of particular concern.

“We often educate our customers in this space (healthcare) on the risks of ransomware” says Atif Ghauri, vice president of Channel Services at Herjavec Group, a leading global information security firm. “Over the last year we saw multiple hospitals taken “hostage” and actually pay out the ransom in an effort to regain control of their systems. We never advocate for payment in the event of ransomware. There is no effective law enforcement for cybercrime today and no way of knowing that even if a ransom is paid, you will get your data back.”

Brian Krebs, a highly respected industry expert and one of the top security bloggers, reports that it appears the perpetrators of what’s being called the worst ransomware outbreak ever have made little more than $26,000 so far from the scam.

Considering the WannaCry global cyberattack has seized hundreds of thousands of computer systems, the payouts reported by Krebs are a far cry from what cybercriminals were hoping for.

Backup data

A Forbes post in November 2015 alerted people to backup their files to thwart a ransomware attack.

The No More Ransom Project is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and two cyber security companies – Kaspersky Lab and Intel Security. It puts back-up at the top of their how-to prevent a ransomware attack list.

The project recommends: “Have a recovery system in place so a ransomware infection can’t destroy your personal data forever. It’s best to create two back-up copies: one to be stored in the cloud (remember to use a service that makes an automatic backup of your files) and one to store physically (portable hard drive, thumb drive, extra laptop, etc.). Disconnect these from your computer when you are done. Your back-up copies will also come in handy should you accidentally delete a critical file or experience a hard drive failure.”

There is no excuse for a failure to backup. And the consequences can be catastrophic.

Train employees

“If users would have been trained to spot the phishing red flags related to this pandemic, the criminal Wana creators would have been the ones crying,” says Stu Sjouwerman, founder and CEO at KnowBe4, a leading security awareness training firm.

Sjouwerman asserts that WannaCry was socially engineered. “This (cyber-attack) was only driven by social engineering, very similar to the recent Google Docs attack where a million workstations were infected within hours. The employee is the last line of defense and needs to be stepped through security awareness training which includes frequent simulated phishing attacks.”

The Locky strain of ransomware hit Hollywood Presbyterian Hospital in Los Angeles last year – which led to the shutdown of its computer systems and a $17,000 ransomware payout. The fallout could have been avoided if all of the hospital employees were trained on how to detect and react to a spear phishing attack.

KnowBe4 recommends everyone to review these 22 social engineering red flags to watch out for in any email. In the absence of kicking off an immediate employee training program on security, this is recommended reading for all computer users in an organization.


Steve Morgan is the founder and CEO at Cybersecurity Ventures and editor in chief of the Cybersecurity Market Report. The Cybersecurity Market Report is published quarterly and covers the business of cybersecurity, including global market sizing and industry forecasts from consolidated research by IT analyst firms, emerging trends, employment, the federal sector, hot companies to watch, notable M&A, investment and IPO activity, and more.