By Matt Hamblen
May 16, 2017
WannaCry works differently than many past ransomware attacks because of the way it spreads through networks. After an unknowing worker clicks on a compressed Zip attachment to launch WannaCry, it can spread through a corporate network to infect and lock other computers -- even those where no link or attachment was accessed.
"This particular ransomware was slightly different in the sense that it self-propagates -- it's a worm type," said Anath Balasubramanian, general manager for worldwide healthcare business at Commvault, an established data recovery company with thousands of customers in 66 countries.
"Even at the best-prepared organization, there will still be one or two outlyers that haven't patched with the latest patches or still run older Windows XP, which makes this one very tricky to defend against," Balasubramanian said in an interview.
As for affected systems that need patching, he warned: "You still have to be very savvy when you restore.... You have to restore outside of the network where the attack happened because otherwise you re-infect the computers and and face an eternal cycle of restoring. You have to have a quarantined network to restore to the system."
Balasubramanian said hospitals have historically faced an IT budget crunch and have placed patient services above IT budgets that govern what's spent on security and recovery. "Healthcare IT budgets are under-budgeted, understaffed and under-resourced," he said.
Even so, U.S. hospitals have made IT and security and backup a higher priority than in other countries.
Part of what organizations need to limit ransomware attacks is a "change in mindset and mentality that says IT is a critical asset," he said. "No matter how strong your defenses are, things will always go wrong. Nothing in the world will prevent you from another ransomware attack with a 100% guarantee."