WannaCry: Understanding and preventing the global ransomware attack
You’ve likely already heard the buzz about WannaCry, the global ransomware attack that affected thousands of companies on Friday, May 12, 2017.
More than 200,000 computers in 150 different countries were infected by WannaCry, and the risk is still imminent for those without the proper technology and security protocols in place.
Ransomware is malware that locks you out of your business-critical files and demands a ransom be paid to regain access to the encrypted data.
The main thing you need to know about this ransomware: it targets devices in need of regular updates. In other words, you have the capability to make an attack completely and totally preventable. Really. This didn’t have to be a problem, but users all over the world were operating on an outdated version of Windows that left their network vulnerable.
What is WannaCry?
WannaCry is a form of ransomware that encrypts a user’s files and demands they pay a requested amount (usually $300 in bitcoins) to regain access to their information. If the ransom is not paid within three days, the amount doubles to $600. After seven days, WannaCry will permanently delete the user’s files.
Who is at risk for WannaCry?
The worldwide malware attack wasn’t the result of some high-tech hacking venture. The security vulnerability was first uncovered by the NSA, but was released to the public by a group of hackers that call themselves “ShadowBrokers” in April of this year. Now, the malware is being used to exploit vulnerable systems across the globe. Anyone running a Windows operating system who has not installed the software updates and patches released by Microsoft is at risk for WannaCry.
What should I do if I get infected by WannaCry?
IT experts discourage companies from paying the ransom. Instead, they recommend businesses rely on data backups to restore the information. However, many organizations that do not have a proper backup solution in place when they are infected panic and resort to paying the requested sum in exchange for their files.
As of Tuesday, May 16, approximately $70,000 in Bitcoin currency had been paid as ransoms to hackers.
If your company suffers a WannaCry attack, contact your IT team immediately. Your internal IT person or managed IT services provider should work with your business to prevent any further damage and retrieve your encrypted files.
Unfortunately, researchers have yet to discover a way to decrypt the files encrypted by the WannaCry malware. The only other alternative to restoring a backup of the infected files is to follow the instructions provided by hackers and pay the ransom.
Is the WannaCry scare over?
A 22-year-old researcher, Marcus Hutchins, accidentally discovered a kill switch for the malware when he purchased and registered a domain associated with WannaCry code, thus slowing the attack.
Hutchins only meant to track the spread of the virus, but managed to uncover the ransomware’s kryptonite.
However, the WannaCry ghost has been resurrected and now bears a new name, Uiwix. After the WannaCry kill switch was revealed, hackers remedied the vulnerability and launched Uiwix. Researchers have yet to discover a kill switch for this version of the ransomware.
How can companies protect against WannaCry?
There isn’t anything special or expensive you need to do to protect your computer from the malware virus. Simply keep your Windows PC and software up-to-date. Your IT team, or managed IT services provider, should automatically apply updates and patches to your IT environment as needed.
It’s best practice to ensure all updates and patches are implemented, no matter what operating system you use. However, Windows users running Windows XP, Windows 8, or Windows Server 2003 should immediately install the update released by Microsoft on the Friday of the WannaCry attack.
If you’re unsure about your company’s security position against malware attacks, ask the following questions:
- Is any of your IT hardware past its End of Life?
- Have all your systems and software been updated and patched appropriately?
- Have your employees been educated about Social Engineering attacks?
- What policies do you have in place regarding the transfer of funds and sensitive information?
- Who manages your user identities?
- How do you know if your network has been compromised?
- Do you have a proper backup solution in place that can remedy data loss or any other kind of IT disaster?
If your IT team cannot answer these questions, you should likely consider a different IT solution. Contact an Aldridge representative today to learn more about how your business can bolster its network against a cyberattack.