WannaCry

​Happy Monday!

By now, many of you have probably heard of the WannaCry ransom attack that shut down the British NHS among many other organizations large and small over the weekend.  This is one oWannaCryf the larger attacks in recent history utilizing methods leaked by the NSA that exploits Microsoft’s operating systems to silently spread without any user intervention, resulting in a quite effective virus.  The damage done was enough for this to be included in the White House’s press briefing today.

Lots of our users have expressed concern about these attacks and would like to know if they’re vulnerable, so I wanted to address the main points:

What it is:
-WannaCry is a variant of the typical cryptolocker style ransomware that is pretty common these days.  This form of malware gets on a computer and encrypts any files it sees both on the local machine and network shares.  It then demands payment for the “key” to unlock and recover your data.
-WannaCry differs from the typical ransomware malware which has been around for years by using an NSA discovered backdoor in Windows’ file sharing protocol in order to spread from machine to machine silently across a network.

What has already been done to mitigate this:
-Microsoft released an update back in April that secures everything newer than Windows XP from this method of spreading.  Part of your service with Computer Cats is making sure your PCs are up to date, so this update has been applied to your PCs.  As a result the silent spread of this virus is not a concern in your networks.
-Outside of the efficient method of spreading the infection, there is still the standard “Crypto” malware attached (which has been a risk for years).  The best defense against this sort of malware is a good backup solution.  If your data is backed up, the if/when this malware strikes you can just delete the encrypted data and restore from backup and move on with business as usual.  There are other preventative measures available, including placing “honeypot” files on your network that trip alarms in the server which lock things down the moment they’re touched.  We have deployed a mixture of these measures in your networks in order to prevent these viruses from causing damage in the first place.
-Finally, as additional safeguards against this particular bug are found we will be deploying them to your network ASAP.

What YOU can do to prevent data loss:
-In the end the best defense is to prevent these infections from entering the network in the first place.  This starts with you and your employees.  Please take this opportunity to be reminded that there are lots of people out there looking to trick you into running something or clicking something you shouldn’t.  If you receive an e-mail that seems suspicious, please do not click anything inside it and forward it to us for further examination.  My favorite tickets are when people are asking me to verify the legitimacy of an e-mail, as that means the person is paying attention!  Also be vigilant on the internet.  Avoid downloading files from uncertain websites.  Do not trust sites telling you that you need an update or to change your settings.  Essentially, trust no one!  For more information check out our latest article about email security “How To Catch A Phish” and share it with your employees.
-Authored by John Hilb @ ComputerCats

Leave a Comment

Your email address will not be published. Required fields are marked *