WannaCry & NotPetya Ransomware Attacks – One Year Later May 1, 2018 Cindy Provin More About This Author > The cyber community is often reminded of past events such as large-scale data breaches and vicious cyberattacks that caused mass destruction and caught the publics’ attention. This month marks the one-year anniversary of the WannaCry ransomware attack that seized operating systems across the globe and caused businesses up to $4 billion in damages. The WannaCry virus was able to spread thanks to the Shadow Brokers’ NSA data dump which exposed EternalBlue to the public and was quickly abused by cybercriminals. Using the same exploit, hackers released the NotPetya attack in June 2017 which infected computers in over 100 countries worldwide. The devastation caused by these two aggressive ransomware attacks continue to plague businesses. In fact, Boeing was recently reported to be hit with WannaCry, demonstrating how the ransomware is still very alive and well. The anniversaries remind us that organizations need to be better equipped to face the next WannaCry or NotPetya. To do so, businesses have to know where their data lives, why it’s important, and who should be allowed to have access to it. Without this knowledge, it’s difficult for organizations to put the proper security and access control measures in place to ensure sensitive data doesn’t end up in the wrong hands. According to our recent Global Encryption Trends Study, 67% of organizations cite data discovery as one of the biggest areas of challenge when deploying encryption. Organizations are storing their data in more places now than ever, and by default, they are creating new attack surfaces. Additionally, global data regulations and compliance orders are forcing companies to be held accountable for how they manage data privacy. In fact, our report revealed that respondents in the UK, Germany, U.S. and France indicated the highest data discovery challenges, which can be attributed to preparations for GDPR. When it comes to protecting sensitive data from ransomware, traditional methods such as backing up your data and continually patching systems are always important best practices. However, businesses need to take this one step further by encrypting data and putting the right access controls in place. By encrypting your data, anything that’s retrieved by hackers is rendered useless to them. Organizations should adopt a strategy of “encrypting everything” to ensure they have the upper-hand in the fight against attacks like WannaCry and NotPetya. Access controls such as key management are also a crucial component that allow organizations to take control and manage the individuals who are accessing sensitive data. Thales offers a comprehensive suite of data security solutions designed to protect data wherever it lives – across devices, processes, platforms and environments. Unfortunately, cybercriminals are becoming increasingly sophisticated and these attacks will continue to occur unless organizations deploy preventative solutions. As an industry, we need to unite together to prevent cybercriminals from gaining access to our data and fundamentally disrupting the way do business. You can find more information on the Thales website about our encryption and key management solutions. To learn more about industry trending topics and data security best practices visit the Thales eSecurity Blog.