WannaCry’s Rolling Disaster

Identity theft and the financial damage it can cause is incredibly stressful for those affected. I’ve been a victim myself: a past employer handed over all of the company’s W2’s for current and past employees, so Social Security numbers, addresses, salaries…all handed over to a phishing scam. That was bad—and has happened to millions of individuals—but ransomware that holds data hostage can be so much worse – especially in the case of WannaCry, where the broad range of organizations targeted included universities, telecommunications companies, utilities and, notably, 20% of the UK’s National Health Service.

Unhealthy Ransomware

Hospitals and healthcare providers could be especially vulnerable to sophisticated malicious attacks because what they store on and use computers to access is the most valuable of all data—patient health data. In hospitals, timely access to data can be life-critical. Having a good disaster plan in place – one that includes multi-site distribution of data with a fast failover plan is not just sensible, in many places, it’s required by regulators.

No one saw this coming. Why not? It’s not the first malware attack, nor is it the first ransomware attack to hit some of the same organizations this one hit. And it won’t be the last. But what about the people? Access to patient data was lost—in same cases for a short time, others longer—at multiple hospitals and clinics; some because they heard about the disaster and shut down their systems; others because they found out when they got the ransom-demanding banner. Diverted ambulances and cancelled elective appointments and procedures impacted access to healthcare, availability of utilities and communications networks and more. At least 150 countries have been affected, and the financial cost of it was estimated at $4 billion (estimate by Cyence) as of Tuesday morning.

Pay up?

Some paid the ransom, fearing that it was their only choice, but, adding insult to injury, many of those who have paid the ransom to unlock their data didn’t—and aren’t likely to—get it unlocked. Experts say that these cybercriminals who are demanding a minimum of $300 (in Bitcoin, of course) probably are not able to release the data easily because to do so, they have to be on top of what payments came from which computers so that they can send encryption keys to each individual computer.

Get Ready

Rather than paying, be prepared. We can help. Scality RING can be a strong ally in your plan to meet data availability, retention and security requirements. And, you can use its multi-geo options to distribute data across availability zones to ensure data access even when an entire data center is lost. Download the whitepaper “Data Security in the RING” for more information on how to accomplish this.

Learn about Scality RING security mechanisms with this white paper
Download the White Paper

 

Want to discover more?

Learn about Scality RING

Leave a Reply

Your email address will not be published. Required fields are marked *