#WANNACRY: A Happy Accident Is ‘Holding Back The Tears’ – For Now

May 18, 2017 12:52:36 PM / by Janet Tyler, COO


An unfortunate truth about computer security is that would-be hackers only have to be lucky once, but data security specialists have to be lucky always.

Today, it’s looking like we’re very lucky indeed – if only for the moment. If you’ve been following the stories (and the near-panic) surrounding the #WannaCry ransomware attack and have been concerned about your own systems’ potential vulnerability, the good news is that a British malware specialist’s quick thinking and good luck seem to have bought you some time.

For those who don’t know, #WannaCry is a particularly malignant bit of malware currently being spread through some highly sophisticated phishing emails. When these are read and acted upon, they trigger the download of an application that proceeds to encrypt a computer’s contents and demand a 300 Euro ($329) ransom, payable in Bitcoin, for the favor of decryption.

Here’s what’s made #WannaCry really worth crying about. Firstly, the phishing emails leading users to inadvertently download it are highly polished, usually appearing to come from trusted associates and credible companies (one victimized company, DocuSign, has provided a guide to distinguishing its genuine messages from the malicious fakes). Secondly, the hackers have evidently used a trove of stolen U.S. government spying tools to ease the malware’s spread – and help it to evade even sophisticated corporate security measures.

Microsoft has blamed the NSA’s creation of, and subsequent loss of control over, these tools for #WannaCry’s success in exploiting a Windows vulnerability and skirting robust security systems. And let’s face it: No matter how good a given vendor’s security systems are, an NSA-sponsored hack is likely to get past them. That’s just what happened as #WannaCry started cutting a swath across European, Russian and Asian networks beginning late last week. While it had also cropped up in various US locations, notably FedEx, it was thought that Monday morning would have brought its full force to bear upon American systems and users.

By now, many of us would have been screaming at our PCs and reaching for our credit cards – were it not for some quick and lucky moves by an English security guru going by the name of MalwareTech. In examining the phishing emails’ code, MalwareTech found a reference to a scrambled (and unregistered) domain name buried in its inner recesses. As it turns out, this had been inserted as a “kill switch” designed to stop the emails’ spread if its author decided to; once authenticated as “valid,” the emails would stop reproducing and re-sending themselves on infected computers. MalwareTech registered the domain name, and bingo – the emails stopped, and the large-scale assault on American networks didn’t happen.

More correctly, though, it didn’t happen yet. As MalwareTech pointed out, the hackers behind #WannaCry need only modify the code slightly to bypass the kill switch and resume the attack. As of Monday morning, some experts say they’re already seeing modified emails starting to spread in the wild. That means that if you’ve been spared so far, it isn’t the time to press your luck: Make sure that your systems are protected immediately, if not sooner. Start by following Microsoft’s guidance, and install all applicable patches for the systems you’re using. Microsoft has even taken the extra step of providing patches for legacy products such as Windows XP, Windows 8, and Windows Server 2003.

So if the ‘bad guys’ are growing increasingly sophisticated and the threat they pose is growing more severe, what do you do? Red Level has a few recommendations:

  • Apply patches and updates. Ensure that systems are up to date and that all software updates are installed.
  • Double-check email addresses. Watch for unfamiliar names and domains, as well as ‘spoofed’ accounts pretending to be trusted contacts.
  • Think before clicking. Don’t click or download suspicious or unexpected attachments, or visit unfamiliar links.
  • Use proactive protection. Install and use the latest antivirus and anti-malware software available.
  • Keep regular backups. Maintain a regular offsite backup schedule and implement a disaster recovery plan.
  • Modernize your server. Upgrade server operating systems to Windows Enterprise Server.
  • Talk to us. Red Level can develop a comprehensive plan to protect your users, customers, systems and data.

We may have been lucky this time, but luck won’t hold out forever. Data security experts around the world are taking this threat especially seriously. We certainly are, and we think you should, too. #WannaCry marks the beginning of a threatening new era in malware, and it’s pretty clear that we have to be ready to respond quickly if we want to keep luck on our side.
