Ransomware WannaCry: a lot of misery, no surprise

The scale of the attack and the panic that caused the ransomware attack this weekend is big, but the problems could have been much smaller if organizations had just pursued a reasonable security policy. That is what René van Buuren, Cybersecurity director at Thales Nederland says. According to Wessel Hemels, cybersecurity specialist at Thales Netherlands, the ransomware uses a vulnerability in Windows that was already known at the end of March.

The scale of the attack and the panic that caused the ransomware attack this weekend is big, but the problems could have been much smaller if organizations had just pursued a reasonable security policy. That is what René van Buuren, Cybersecurity director at Thales Nederland says.

According to Wessel Hemels, cybersecurity specialist at Thales Netherlands, the ransomware uses a vulnerability in Windows that was already known at the end of March. "That means organizations lag behind with their updates and patches. That is the main reason why this could get out of hand. "

The Netherlands has been lucky, thinks Van Buuren, who refers to the message from the National Cyber ​​Security Center in which the NCSC states that the number of infections in the Netherlands has been limited so far. At the same time, the attack also had a major impact on the business world without major incidents. "Many organizations have worked throughout the weekend. Also with us the phone was red-hot because of the many requests for help. "

The organizations that now have the greatest panic are mainly lacking structural policy, says Van Buuren. "They now have to build a fire station while the smoke is already in the operating room. These kinds of problems can never be completely prevented, but if you are prepared, if you make sure that you quickly identify these things and can respond immediately, then the scale of the disaster is much better limited. "

The first step that should be taken immediately is the development and implementation of a roadmap that will quickly and carefully bring the organizations to a safe situation. "Just throwing a bag of money at it does not make any sense. Cyber ​​security has to be carefully built up, where you have to look closely at where the priorities lie, what your organization can handle and where you might have to call in the help of third parties. "

Autonomous malware
For Hemels the recent developments are hardly a surprise. "The ransomware itself is not even special. What is relatively new and now causes so many problems is that it behaves like a worm, so that it can spread autonomously over the network. "Hemels also wonders to what extent the malware has now been made harmless. "There are already variants in circulation where the 'kill switch' has been removed and was used by security experts this weekend to deactivate the malware."

According to Van Buuren, we are talking about well-organized crime. "This is the reality that we have to deal with: clubs like this make optimum use of all the tools and vulnerabilities that are available to them. As soon as they see chances, they tackle it with both hands, and as long as their targets remain on their hands and do not prepare for their attack, it remains a particularly lucrative story. "
Van Buuren advises organizations to work on a solid security policy as soon as possible. "The damage of this type of attack can be limited, but action must be taken."

The Cybersecurity department of Thales Nederland is ready for help and advice to organizations that want to better prepare for this type of attack. Thales advises on the latest developments, is able to scan company networks for the presence of possible malware, and assists in the development and implementation of a solid cyber security roadmap.