Follow any tech or security blogs and news and it quickly becomes apparent that nearly every week there is some massive new security breach found in computer software, operating systems, and sometimes even hardware. In many cases these risks are actually fairly minimal to many companies in China, but at least once every couple months there is a risk uncovered that poses a potentially massive threat. In mid-May, 2017 that threat was WannaCry, one which has infected a disproportionately high number of computers in China. Here, Sylver Zhong, Pacific Prime China’s Head Property & Casualty Consultant discusses this threat, why your business may be at risk, and how cyber insurance can help you effectively deal with the risk of cyber threats.
What exactly is WannaCry?
WannaCry is a piece of malware (malicious software) called a “worm” that infects computers and essentially holds important files hostage until a ransom – in this case around USD 300 in bitcoin (a digital currency) is paid. This type of infection is commonly referred to by experts as “ransomware” and has become a major concern for companies around the world.
While ransomware has been infecting computers since the early days of computer networking, attacks have become more frequent and sophisticated. This attack is simply the latest major computer security threat, and is being hailed by some as the biggest ransomware threat to date.
What sets it apart from other worms and ransomware attacks is the fact that it has managed to attack a number of public institutions and companies around the world. Initially discovered on May 12, this worm which attacks computers and networks running Microsoft Windows, has since spread around the world.
In fact, according to CNET, the worm managed to infect over 200,000 computers in 150 different countries by May 15. From what we know of the malware, it has been quite successful. Companies like Deutsche Bahn, FedEx, and even the National Health Service in the UK have all been infected.
How is it infecting computers?
When WannaCry was first detected and reported on, it was noted that the worm was being transmitted in an email campaign where files attached and opened would introduce it to computers and infect them. While this is a common way for malicious software to be spread, WannaCry was, in fact, not transmitted this way.
Instead, the hackers who created it did so using a little known Windows OS security flaw originally discovered, and used, by the National Security Agency in the US. According to this article which discusses how WannaCry is spread in Wired, “Without additional proof as to another cause of infection, it can be concluded that the attackers initiated their plan to specifically target machines with a pre-existing vulnerability, using these to spread WannaCry to other systems on a connected network.”
The most important thing to be aware of here is that Microsoft actually published a security update for Windows earlier this year which blocked this hole. Machines with the most up-to-date security update installed are safe from this specific ransomware. That said, the software powering this ransomware is advanced enough to scan networks for out of date machines and start the attack there.
Once one machine is infected, the worm has coding that allows it to scan other computers on the network for ones that do not have the recent security update installed and then transfer and install itself on any other vulnerable computers.
Arguably the most interesting, and scary, thing about this malware is how fast it spread, and how widespread the infections have become. When looking at the numbers infected, it appears that China is easily one of the hardest hit countries.
Why is it more prevalent in China?
According to this article in the HKFP, “China’s National Computer Network Emergency Response Center has confirmed that by 14 May, half of the infected IPs were located in China. The attacks have affected about 30,000 institutions, including universities, immigration checkpoints and oil stations.”
The article goes on to cite that the major reason as to why businesses and institutions in the country are adversely affected is because of the fact that many people in China prefer to use unlicensed versions of Windows. If you do not register your copies of Windows, you will not receive the incredibly important security updates, which means your system is vulnerable.
Another reason as to why it has been so widespread is due to the fact that people might not have known about it and taken steps to update their business’s networks against this threat.
How can I minimize my company’s cyber risk?
Regardless of the reasons why this threat has inversely affected organizations in China, it highlights the fact that many businesses in China can be heavily impacted by a cyber attack. For example, the HKFP article linked above mentions that universities, petrol stations, and immigration networks were heavily infected. In fact, it was reported that WannaCry had managed to infect the Shanghai city and Beijing Chaoyang immigration offices.
When it comes to ransomware, it is important to note that your files are usually locked and if you do not pay the hacker the specified amount there is a good chance the files will be deleted. In many cases, the attacks are coded to look for files with important sounding names and keywords e.g., profit, report, figures, etc. and files that might contain this information e.g., PDF, Word, and Excel files.
Having these files locked could result in your business losing an untold amount of money and time, and in some cases could result in lawsuits from being unable to meet contracts or even a forced closure of your business.
Therefore, it would be a good idea to take steps to avoid cyber threats. The most critical thing is to ensure that you keep all of your software up to date, and if you have not licensed your operating systems, it would be worth doing so.
But it’s not just your systems and networks you need to protect. You should protect your business as well. One of the best ways to do so is by securing two main types of insurance:
- Cyber insurance: A newer form insurance designed to help businesses from losses stemming from cyber threats such as infected computers, lost data, etc. Many plans also cover things such as the costs of data recovery, replacement systems, ransomware, lawsuits that arise due to hacks and cyber loss, etc.
- Business liability insurance: An increasing number of liability insurance solutions for businesses are starting to offer cover for cyber and digital related incidents. Having a solution that protects your business’s digital aspects is becoming increasingly important.
At Pacific Prime China we offer a variety of solutions to protect your business including both cyber and business liability. If you are looking to protect your business from the next cyber incident, contact us today.
Disclaimer: Pacific Prime China solely represents, operates and manages locally regulated insurance products and services in the territory of PR China. Any references to Pacific Prime Global Company or Group, the international services, insurance products or otherwise stated written or verbally, is for introduction purposes about our overseas network only as each entity is fully independent.