Australian based Managed IT support offices in Melbourne, Sydney and Brisbane
Powernet Colour a VITG Company POS

Ransomware Retrospective: A look at WannaCry and its impact on business data

The WannaCry ransomware attack made international headlines earlier this year when businesses around the world, including several hospitals in the UK and Russia’s interior ministry, lost access to their computers and data. Unlike some malware, WannaCry had a specific objective: to hit as many high-profile targets in as little time as possible in order to maximise the impact – and the spectacle – generated by the attack.

But the most alarming feature of the WannaCry attack wasn’t necessarily the choice of targets – it was the fact that it could be spread by sending a specific packet to a targeted SMBv1 server, effectively locking down an entire network with a single packet. In this blog, we’ll look at how that happened, and what we can learn about WannaCry’s impact on business data.

A One-Two Punch

WannaCry was something of a one-two punch: the ransomware element was essentially the standard nasty stuff: infected machines were locked down and their files encrypted, with a demand for $300 worth of Bitcoin in exchange for decrypting them. In fact, while those responsible for the attack reportedly cleared half a million US dollars in a matter of days, there’s no evidence that anyone who paid up actually had their files restored. What made WannaCry so powerful was the way it spread. It exploited a vulnerability in the Server Message Block (SMB) protocol present in virtually every edition of Windows before Windows 10, meaning that once it got on a computer, it could spread across every vulnerable system within a network within moments. As a result, it was able to hit an estimated 230,000 computers around the world within a day.

It was particularly devastating to organisations that failed to keep computers patched, often because of the perceived logistical headache of applying updates without disrupting ongoing work. Microsoft was, in fact, aware of this vulnerability, and had deployed a patch on March 14, 2017 which was sadly too late to prevent the spread of WannaCry through networks around the world. If nothing else, WannaCry demonstrated that neglecting to keep systems up-to-date for fear of disruption to service delivery can result in far greater problems for your business.

The Threat Widens

WannaCry marked a major change in the ransomware threat. In the past, it’s been highly targeted, aimed at organisations with big budgets and where losing access to data simply isn’t an option. Now that criminals are combining blackmail tactics with security exploits to spread ransomware far and wide, they can use more of a scattergun approach, infecting as many people as possible in the hope that somebody pays up.

Lessons To Learn

Unlike simpler cybercrimes, a WannaCry attack needs to be defended against in three different ways:

1) Minimise the threat of ransomware attacks in the first place. This requires both technical measures such as security scanning for incoming files and attachments, files on USB sticks, and even website visits. It also requires procedural measures such as educating staff about the risks and enforcing policies on smart and safe device use.

2) Contain the threat from spreading across a network. This means getting to grips with the structure of your network and the ways different computers share data across it. It also means making sure all your software – including your Operating System – is patched to the latest version to avoid security flaws.

3) Mitigate the damage if the worst happens. Make sure all data is backed up efficiently and comprehensively so that you can easily restore it when needed. It also means having a detailed recovery plan of how you would cope should systems become temporarily unusable.

4) Install anti-ransomware software. PowerNET recommends installing anti ransomware software like Sophos Intercept X. Sophos Intercept X features CryptoGuard, which prevents the malicious and spontaneous encryption of data by ransomware even trusted files or processes that have been hijacked. Once ransomware gets intercepted, CryptoGuard reverts your files back to their safe states.

Your Next Step

Given both the scale and the scope of preparing for ransomware attacks, it can be a daunting prospect to do everything in-house. Consider getting a fresh set of eyes to look at the problem through an external review. Powernet offers a commitment-free review of your current IT environment and what you can do to help it support your business and your IT security better. Find out more at the link below.

Subscribe to our newsletter for the latest technology tips & tricks.

Recent Articles



Search the Powernet blog

Staying Cyber Safe, Top 10 Tips for Being Cyber Secure

Staying Cyber Safe, Top 10 Tips for Being Cyber Secure

The importance of Cyber Security What is Cyber Security – Cybersecurity is the practice of protecting computers, servers, electronic systems, […]

Read more
Getting the most out of Microsoft Teams, our top 10 tips

Getting the most out of Microsoft Teams, our top 10 tips

What is Microsoft Teams? Microsoft Teams is a valuable workplace tool, keeping employees connected and organised. It drives productivity and […]

Read more
Empowering Efficiency: The Rise of Business Process Automation

Empowering Efficiency: The Rise of Business Process Automation

Staying ahead of the technological curve in today’s fast paced landscape is essential. The concept of engaging a vCIO has […]

Read more

We are well awarded

Reach our team

We’re always happy to help you find the right solutions to your IT and technology needs. Here are some ways to contact us.

Give us a call

Chat with our team to discover the best IT solutions for your organisation.
1300 892 692

Our locations

Melbourne CBD

Level 15 / 565 Bourke Street, Melbourne VIC 3000

Eastern Melbourne

Level 2 / 74 Doncaster Road, Balwyn North VIC 3104

Geelong Region

East 4/13-35 Mackey Street, North Geelong VIC 3215


U18 / 23-31 Bowden Street,
Alexandria NSW 2015
(02) 8214 8855


7/9 Archimedes Place, Murarrie QLD 4172

Send us an enquiry