WannaRelax? – tips to safeguard yourself against Ransomware


Digitisation is making it possible to imagine entirely new ways of doing business and get ahead of the competition; however, these same advances are also driving innovation in crime. As business went virtual, so did the crime.

Let’s look at ransomware as an opportunity to grow profits – another age old criminal business model, that of kidnap, of data. Ransomware, a specialised form of malware, acts to encrypt data and demand the payment of a ransom in order to allow the victim to regain access.

Like kidnap, ransomware takes something of value away from the victim, refusing to relinquish it until money (bitcoins etc.) is handed over. It forces victims to put a value on their data, and allows criminals to make money from data that otherwise they may be unable to monetise.

In steps WannaCry, taking a turn on ransomware and affecting the globe in a matter of hours. Cisco Talos quickly found that this variant of ransomware is a type of malware that exploits in operating systems with no user interaction needed to spread. It is also the first ransomware worm seen in the wild and works by:

  • Encrypting 176 different file types, adding WannaCry as an extension;
  • Displaying a pop-up message stating, “oops, your files have been encrypted!”
  • Demanding a $300 Bitcoin ransom that doubles after three days.
  • Deleting user’s files if not paid in 7 days.

Blocking as many attacks as possible at the perimeter is vital, but organisations need to plan for the few attacks that may get through by:

  • Keeping security software and operating systems updated automatically to patch backdoors that ransomware exploits.
  • Never open emails or click attachments from unknown sources. This is the leading method of ransomware delivery.
  • Never enable macros if asked when opening emails, unless you know the source.
  • Backup individual device and network data every day so that you don’t have to pay ransom or suffer bad publicity.
  • Use offline and cloud services for archiving.

Thinking holistically about your security – before, during and after an attack – delivers ultimate visibility and responsiveness to prevent, detect and remediate threats faster.

Cisco Southern Africa is launching the first Cybersecurity Customer Experience Centre and Academy in the region to educate and train customers and other stakeholders on cybersecurity innovation, prevention and remediation.

About Cisco:

Cisco (NASDAQ: CSCO) is the worldwide leader in IT that helps companies seize the opportunities of tomorrow by proving that amazing things can happen when you connect the previously unconnected. For ongoing news, please go to

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.