The Middle East region largely avoided the crippling effect of the ransomware outbreak that affected more than 100,000 computers across 74 countries between 12 and 13 May.

The malicious software (malware), dubbed WannaCry, brought down vital systems used by the UK’s National Health Service (NHS) and infected thousands of computers in Russia, India and other Western European countries.

According to Eddie Schwartz, executive vice president of cyber services at UAE-based Dark Matter, it is not clear why the GCC states as well as the US were not specifically targeted by those who launched the latest ransomware attack. “What is clear is that it gives organisations in the region more time to prepare and avoid such incidents in future,” Schwartz tells MEED.

The latest attacks showed that criminals went after targets, which can give them the most meaningful gains, Schwartz explains.

Large organisations that have a well-equipped and knowledgeable security team are understood to be generally better able to deal with such emergency situations compared to smaller or mid-sized organisations that do not have in-house security expertise. 

Nevertheless, the executive says his company has received requests for briefing from clients particularly in the region’s financial services sectors, as a result of Friday’s attacks.

The incident that unfolded on 12 May highlights the need for organisations to have a full backup of their data, use updated anti-virus software, and for employees to follow information security protocols such as not opening suspicious emails, among others. “They also need to develop a strong security strategy to deal with such potential incidents,” Schwartz says.

The WannaCry malware targets a Microsoft Windows Server Message Block (SMB) flaw, known as MS17-010. The flaw can allow remote code execution, which is the platform used by hackers to launch the WannaCry virus.

The US software manufacturer has released a patch for the flaw before the latest attacks took place. This has meant only Windows users that have not installed the patch are vulnerable to this variant of the ransomware.

A ransomware works by encrypting data, making it unavailable to users, and demands payment usually through an online payment system.

While it doesn’t steal data, an estimated 3 per cent of those who suffer these attacks usually opt to pay the ransom fee due to urgency of data access. Others pay the ransom fee if the availability of the data can havea major impact on the welfare of people, such as data of medical patients that are scheduled to undergo major surgery in hospital.

Experts do not recommend paying the ransom fee because the malware can return even after the right signatures have been installed to root it out, which means they could be paying the ransom fee repeatedly.