Some of you may have heard about the Wannacry ransomware targeting computers worldwide. Ransomware is designed to encrypt data. Criminals then try to ransom that data back to you.
This version of ransomware is particularly bad and there’s worse news: At least two new variations of the malware have already been detected.
Utilizing technology previously used by the NSA and the US government, Wannacry has been very effective at infiltrating networks and locking down systems. Over the past five days, the Wannacry virus has hit government networks, hospitals, transit systems, banks, universities and countless businesses worldwide.
The malware spreads as a worm — scanning other computers linked to any machine or system it infects for the same defect and leaping onto them — through a vulnerability in Microsoft systems, particularly on outdated software like Windows XP or Windows Server 2003.
The malware includes an encryption package that automatically downloads itself to infected computers, locking up nearly all of the machines’ files and demanding payment of $300 to $600 for a key to unlock them.
What to do if you’re infected.
You’ll immediately know whether you’re infected — you’ll be greeted by a popup screen saying “Ooops, your important files are encrypted.”
And by “important,” they’re talking about your most commonly used files — including .mp3 audios and .mp4 and .avi videos; .png and .jpg images; and .doc and .txt documents. The worm also targets any backup files you may have made, so you can’t even restore older, safe versions.
The encrypted files will have the extension .WCRY added to their names. The international security firm Kaspersky has a complete list here.
Analysts said you should not click the “check payment” or “decrypt” buttons in the popup message. Instead — if you’re able to — download and install Microsoft patch MS17-010, available here, which should work on Windows systems going all the way back to Vista.
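To gauge how far the encryption has reached on a drive, file share or backup volume, you can count the files that carry the .WCRY extension described above. The following is an added example, not part of the original article: the function names, the sample file names and the "name.ext.WCRY" naming pattern are constructed for illustration, and the scan only reads file names.

```python
import os
import tempfile
from collections import Counter

MARKER = ".wcry"  # extension the article says is added to encrypted files


def scan_for_wcry(root):
    """Walk root and summarise files whose name ends in .WCRY (case-insensitive)."""
    hits = []            # full paths of renamed files
    by_dir = Counter()   # directory -> number of hits
    by_type = Counter()  # original extension (".doc", ".jpg", ...) -> number of hits
    total = 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            total += 1
            if not name.lower().endswith(MARKER):
                continue
            hits.append(os.path.join(dirpath, name))
            by_dir[dirpath] += 1
            original = name[: -len(MARKER)]  # "report.doc.WCRY" -> "report.doc"
            by_type[os.path.splitext(original)[1].lower() or "(none)"] += 1
    return {"total": total, "hits": sorted(hits), "by_dir": by_dir, "by_type": by_type}


def build_sample_tree(root):
    """Constructed sample data: empty files only, named as the article describes."""
    names = ["docs/report.doc.WCRY", "docs/notes.txt.wcry", "docs/clean.txt",
             "photos/cat.jpg.WCRY", "backup/old/report.doc.WCRY", "backup/readme.txt"]
    for rel in names:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


def demo():
    """Run the scan over the constructed tree; directory keys are made relative."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        result = scan_for_wcry(root)
        result["by_dir"] = {os.path.relpath(d, root).replace(os.sep, "/"): n
                            for d, n in result["by_dir"].items()}
        return result


if __name__ == "__main__":
    r = demo()
    print(f"{len(r['hits'])} of {r['total']} files carry the .WCRY extension")
    for d, n in sorted(r["by_dir"].items()):
        print(f"  {d}: {n}")
    print("original types:", dict(r["by_type"]))
```

Pointing scan_for_wcry at a backup location before restoring from it shows whether that copy was reached as well.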
What can be done to help prevent it?
1) Regular software updates. Microsoft was proactive this February and released a security update to help stop the spread of Wannacry and the exploit it uses to access networks.
If you are using a supported operating system such as Windows 10, 8 or 7, verify that your software updates are going through, or contact your technical support team to verify that they have been done.
If you are still using an unsupported operating system, such as XP or Vista, chances are your system has not been updated and is vulnerable.
2) Use an up-to-date antivirus software package and be careful with email attachments. It has been reported that Norton, Trend Micro and several other AV solutions have helped prevent the spread of Wannacry in some cases. Note that none (reportedly) have been 100 percent effective.
Ransomware viruses often get into business computers through email attachments. Wannacry is no different. Please inform your staff to double-check email attachments prior to opening them, and use an up-to-date antivirus package to scan received files.
3) Back up your critical data. Regular data backups are very important. If your data becomes encrypted, you will be able to recover and get back to business.
1. Keep at least three copies of your data. This includes the original copy on the computer and at least two backup copies.
2. Keep the backed-up data on two different storage types. If you back up to an internal hard drive, make sure that you use a secondary storage device, like an external hard drive, or a network file server.
3. Keep at least one copy of the data offsite. Even with two copies on separate storage devices/types, but stored at the same location, a fire or flood could wipe them out.
Keep the third copy at an offsite location, like on an off-site file server, or an external hard drive someone takes home at the end of the day.