The WannaCry ransomware attack has been continuing for a week now and large numbers of computers continue to be infected.  Some estimates show well over 300,000 infected computers in over 200 countries, making this the largest cybercrime in history.

Wana Decrypt0r 2.0 Ransom Note

Everyone from individuals to multinational companies has been crippled, including FedEx, Hitachi, and Renault.  The UK’s National Health Service was one of the worst hit, with the attack forcing hospitals to cancel appointments and non-emergency surgeries.  The police force in Yancheng, China was unable to provide services and many of Russia’s banks were affected.

Ransomware was predicted to be the fastest-growing and most costly malware threat of 2017.  In a typical attack, the malicious code encrypts a computer’s hard drive and displays an extortion note demanding payment on the monitor.

There obviously has been a lot of press on this worldwide incident, so we don’t need to look at all the details.  But we work with a lot of busy people, so we have a few items we need to share.

Here are some key things we are advising our clients:

1. This particular attack could be easily defended against.

WannaCry and its variants exploited a vulnerability in Windows that was patched by Microsoft.  All the major antimalware software we sell, including our own custom banSHIELD suite, will detect and block them.  But none of this will work if your computer is not properly updated.

2. Patch and update…immediately!

The patch for Windows was released by Microsoft…back in March of this year!   Many cybersecurity experts were outright puzzled by this, but we see this in the field all the time…businesses and individuals aren’t letting their computers update.

3. Don’t turn off automatic Windows Updates!

There is a myth that has persisted for years on the internet that Windows Updates will mess up your computer, with effects ranging from desktop shortcuts disappearing to device drivers failing.  Real issues with some computers updating Windows 10 served to perpetuate this fear.   We even issued an advisory to our clients and newsletter subscribers last fall on Windows Updates.  But we’ve always advocated automatic and immediate updating!  As this incident proves, keeping your operating system updated protects you, and that protection outweighs any risks or minor issues, which can easily be fixed!

4. Let your computer update.

Yes, you can save money if you turn off your computer or let it sleep at night.   But it can’t update if it’s off.   Also, Windows by default will not restart to update if you are signed in.   So make sure you are signed out, with the computer on overnight.
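A quick way to check points 2 through 4 on a Windows PC, as an added example (not part of our original advisory or any vendor tool): the PowerShell script below reports whether Windows Update is disabled, whether automatic updates are switched off by policy, how long ago the last update was installed, and how long the machine has gone without a restart. The 45-day threshold and the variable names are assumptions; set them to match your own patch schedule.

```powershell
# Added example: audit whether this PC can update and how recently it did.
# The 45-day threshold is an assumption; adjust it to your patch policy.
$MaxAgeDays = 45
$findings = New-Object System.Collections.Generic.List[string]

# 1. The Windows Update service must not be disabled.
$svc = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
if (-not $svc) {
    $findings.Add('Windows Update service (wuauserv) was not found.')
} elseif ($svc.StartType -eq 'Disabled') {
    $findings.Add('Windows Update service (wuauserv) is disabled.')
}

# 2. Group Policy can switch automatic updates off (NoAutoUpdate = 1).
$auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$au = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue
if ($au -and $au.NoAutoUpdate -eq 1) {
    $findings.Add('Automatic updates are turned off by policy.')
}

# 3. Age of the most recently installed update (undated entries skipped).
$last = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $last) {
    $findings.Add('No installed updates with an install date were found.')
} else {
    $age = [int]((Get-Date) - $last.InstalledOn).TotalDays
    if ($age -gt $MaxAgeDays) {
        $findings.Add("Last update ($($last.HotFixID)) was installed $age days ago.")
    }
}

# 4. A PC that is never restarted cannot finish installing updates.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$uptime = [int]((Get-Date) - $os.LastBootUpTime).TotalDays
if ($uptime -gt $MaxAgeDays) {
    $findings.Add("No restart in $uptime days; updates may be pending.")
}

# Report the result.
if ($findings.Count -eq 0) {
    Write-Output 'OK: update service enabled and recent updates installed.'
} else {
    $findings | ForEach-Object { Write-Output "WARNING: $_" }
}
```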

5. Don’t use an outdated operating system….like Windows XP.

A very significant portion of the affected computers were running Windows XP.  Using XP or any outdated operating system leaves your computer with no patches, making your computer vulnerable.  You can see our warning about this and even the Windows XP Expiration Countdown Clock on our website…from over 1100 days ago!

6. Don’t use pirated software…especially operating systems!

Many experts think that the majority of the infected computers in China, Russia, and India were running bootleg versions of Windows.  Engadget’s article on this sums up the situation pretty well.  But even here in America, Windows XP computers can still be found at many businesses.  The bottom line is that modern operating systems protect against modern threats.  If you really can’t or won’t spend the money to upgrade, consider trying Linux…it’s free!  We wrote a great article outlining how we help businesses and individuals with Linux!

7. Don’t pay the ransom!

Initially, it was estimated that ransom payments could reach into the hundreds of millions of dollars.  Fortunately, since the demand for payment was via Bitcoin and these transactions are public, we can easily monitor the ransoms.  Elliptic even has a tracking page and as of this writing, the payments barely exceed $90,000!  And the payment deadline has already hit most of Europe and Asia, depending on when computers were infected.

Security experts almost unanimously agree that it is generally not a good idea to pay.  Ransomware is only profitable if people pay up, so if no one gives in, there’s no money in it.   And once you pay, there is no guarantee that your data will be released.   This has always been true for ransomware.  Initial indications show this to be consistent with the experience of those few victims who have paid the WannaCry ransom.  In fact, there is evidence that the perpetrators may not even be able to trace who paid them off!

If they don’t know who paid, they won’t know who to unlock!

8. Back up your files.  Locally and to the cloud!

Ransomware locks up your files.  If you have backups…no problem!  Just restore the files.

Our Disaster Preparedness systems specifically address this and we can even restore a properly backed up computer within an hour.   That’s with local backups, but our Disaster Continuity system also uses secure cloud backups…so if your local storage is lost or encrypted by ransomware, we can recover the data.

The WannaCry infection in particular is easy to remove, but even as of this writing, recovery of locked up files is only partially successful.   With the scope of this problem, someone should eventually find a way to decrypt impacted files.  We will monitor for this, but there’s no way to tell how long it will take to develop a fully effective recovery tool!

So even though we can quickly get rid of WannaCry, anyone claiming they can recover your files may just be another scammer.  But if you have backups, you can be up and running again!

9. This can only get worse.  Really.

As we mentioned above, ransomware attacks were predicted to continue to grow in 2017.  Computer Weekly wrote in January that ransomware was “set to evolve” this year.  We quoted that particular phrase because WannaCry was anything but an evolution in ransomware.  In fact, this malware was one of the exploits stolen from the NSA.   And there are several indications that the entire attack was conducted by sloppy amateurs!

So imagine if those US-government-made hacking tools were used against your network and computers by experienced professionals.  And there are far more sophisticated forms of malware being developed daily.  With the probability of cybercrime increasing rapidly, it is inevitable that greater threats will surface.

BE PREPARED!

The bottom line is that everyone must be prepared.   The WannaCry attack could easily have been prevented, and the steps you should take apply to safeguarding against any cyberattack.  And they apply not only to Windows, but to Mac and Linux…plus most mobile and connected devices too!  In short:

  1. Keep your systems UPDATED.
  2. Use proven ANTIMALWARE software and systems.
  3. BACK UP your data…locally and in the cloud.
  4. AVOID PIRATED AND UNVERIFIED software.
  5. Finally, BE CAREFUL with your web browsing and email.

Computing security is not just for major corporations.   Follow us on Twitter or our Security Blog for advice specific to small businesses, organizations, and even regular people!

Need Help? support.bansheecloud.com

WannaCry Ransomware Lessons

Wana Decrypt0r 2.0 By Source, Fair use, https://en.wikipedia.org/w/index.php?curid=54032765