#WannaCry Ransomware Attacks: Europol Chief Urges Orgs to Patch Systems

In the wake of the weekend’s ransomware attacks [dubbed WannaCry] that hit multiple industries and services in 150 countries worldwide, Europol chief Rob Wainwright has urged organizations to patch their systems amid concerns about continuing attacks.

Speaking to the BBC yesterday, Wainwright said: “At Europol, we’ve seen ransomware become a major cyber-criminal problem over the last two years, but we’ve never seen something on this scale and that’s because the ransomware itself has been combined with a worm application that allows the infection of one computer to quickly spread across other networks.”

Wainwright added that a slowdown of the infection rate on Friday night, due to a temporary fix, was overcome by a second variation [of the WannaCrypt ransomware] which saw the numbers of affected systems rise further.

Therefore, he said it’s important that companies who are not running up-to-date systems or haven’t patched “better make sure they’ve done that before people turn up to work on Monday morning”.

Wainwright claimed the attack serves as a “massive reminder to sectors right across the world that cybersecurity should be a top line, executive priority.”

Wainwright’s advice to make updating systems a priority has been echoed by industry experts, with Tenable Network Security’s EMEA technical director Gavin Millard warning that, despite a significant amount of interest in the media and inescapable coverage of the outbreak, many systems will still be lacking the MS17-010 patch required to mitigate the threat.

"For users that are rightfully concerned about another WannaCry wave, updating their system to remove the vulnerability that it targets and blocking SMB traffic (Ports 139 and/or 445) to any system that can’t be updated is critically important”, he said.

Chris Doman, security researcher at AlienVault, added: "The internet scanning service Shodan shows approximately half a million networks with the vulnerable service exposed to the internet in the US, and almost 20,000 in the UK. Most of those systems will have been patched by now, but a significant proportion won't have been."

What’s Hot on Infosecurity Magazine?