On Friday, May 12th, companies and organizations around the world started dealing with attacks by a ransomware strain variously known as WannaCrypt, WanaDecrypt and Wanna.Cry. Ransomware encrypts a victim’s documents, images, music and other files and demands payment for a key to unlock them, if a key is provided at all.
This story has been everywhere, even my precious local news, so I figured we should give you some information as well.
Here are some things we think you should know about this story:
- Misinformation – When we recorded the podcast Sunday night, the information I had was way off. I don’t remember my source but it was wrong. It was the NSA not CIA, $300 not $3000, and it was a security researcher not a reporter that helped curb the spread. Dave had some good sources, especially a Microsoft blog post calling for action on this type of attack.
- What actually happened –
  - Earlier this year the US government reported that data had been stolen from the National Security Agency, or NSA. Included in this was an exploit that Wanna Cry was based on.
  - In March, Microsoft released a patch for the vulnerability to its currently supported operating systems, Windows 7, 8.1 and 10. If your Windows computer was updated, it was not at risk. The vulnerability only affects Windows computers.
  - There are tons of computers around the world that are not updated for one reason or another.
  - WannaCrypt was being spread primarily by phishing emails, most commonly links or attachments, and as a worm on unpatched systems. It only takes one person within a network to click a link and it will spread like wildfire through the system.
  - It is estimated that more than 230,000 computers in 150 countries were infected. The software then requires you to pay about $300 in Bitcoin to unlock your files. Britain’s National Health Service, FedEx, Deutsche Bahn and LATAM Airlines were all hit.
  - A security researcher found a domain in the ransomware that was not registered; registering it slowed the spread.
  - We aren’t in the clear: security experts believe there are new strains being spread which bypass that domain.
  - Microsoft released a security patch even for unsupported versions of Windows.
- These types of attacks are not slowing down! – There are new phishing and ransomware attacks showing up every day. These criminals are lazy and holding your data ransom is an easy way for them to make money.
- How can you avoid being infected? –
  - #OneBackupIsNoneBackup. You know who doesn’t need to pay the ransomware fee? People who have a good backup they can recover.
  - Pay attention to email. We get in a hurry and start clicking on links willy-nilly. Slow down. If something doesn’t seem right, take a second look. Check the From address carefully and hover over links to see if the address is correct.
  - Keep your computer updated. If you’re still on Windows XP it might be time to update. Unless you have a reason not to, automatically install all updates.
  - Educate others. It is no good if you are doing everything right and someone else on your network gets infected and ruins it for everyone.
- What to do if you are infected –
  - Take a picture of the messages on your computer with your cell phone.
  - Turn off the computer.
  - Disconnect it from the network if hardwired.
  - Call someone. If you are at work call IT, if you are at home call someone who can help.
  - Keep your fingers crossed.
This stuff is scary, and it should be. This software can do crazy things and cause tons of problems, so be smart out there. If you need help, contact us. We can help!
Further reading: