Since being unleashed on 12 May 2017, the WannaCry Ransomware attack has become the largest ransomware event in history, crippling 200,000 computers in more than 150 countries. While it was briefly slowed (accidently, as it turns out) by a British security expert, criminals have since updated the malware. It continues to spread at an alarming rate.
A lot of media attention has focused on the organizations affected by WannaCry – notably FedEx, Nissan, Spain’s Telefonica, Britain’s National Health Service, the Russian Interior Ministry, and Germany's rail network. Maybe reporters assume multinational corporations and branches of government have been vigilant and are better at keeping their computer systems up-to-date. (Turns out, they aren’t.)
But for individuals, families, and small office/home office users, WannaCry and other ransomware programs continue to pose a serious threat to their data ... even if the impact on consumers doesn’t receive the same media attention.
What is Ransomware?
Ransomware is a particularly vicious type of malware that infects your computer, blocks you from accessing your data, and demands a ransom in order to regain control of your files. Typically, ransomware will encrypt all of the files and then post a message that promises to decrypt the files if the ransom is paid … or destroy them if not.
What is WannaCry?
WannaCry is a piece of ransomware that is also known as WannaCrypt (as well as WanaCrypt0r 2.0, Wanna Decryptor 2.0, WCry 2, WannaCry 2 and Wanna Decryptor 2). What it’s called isn’t as important as what it does.
What’s been so devastating about WannaCry is how quickly it spread. Leveraging a vulnerability in Windows with the worm-like exploit called EternalBlue (which originated with the USA’s National Security Agency, but was made public by the Shadow Brokers hacking group), WannaCry exploits a flaw in Microsoft’s network file sharing protocol. It seeks out other vulnerable computers on the network to infect, which allows it to spread at an exponential rate.
The ransom for WannaCry starts at $300 in Bitcoin (the untraceable online crypto-currency), but as time goes on the amount required to unlock your files increases. (With more than 200,000 computers infected, that potentially represents $60 million in ill-gotten gains.)
Doesn’t my anti-virus software protect me?
Using quality anti-virus and anti-malware software is absolutely vital to a strong data protection plan. However, it is important to recognize that new ransomware threats cannot be stopped by those solutions. Here’s why.
Anti-malware programs work by comparing any unknown program trying to run on your computer against a list of known threats that security researchers have already identified. That helps avoid known malware threats, but it doesn’t account for so-called zero-day exploits: malware that exploits vulnerabilities that have not yet been discovered by the security community.
WannaCry used a zero-day threat to exploit a Microsoft vulnerability that had only recently been uncovered. Microsoft issued a software patch to close that hole, but not all its customers had gotten around to installing it. The combination of unknown threat (invisible to signature-based anti-malware measures), unpatched vulnerability, and very effective replication led to the WannaCry pandemic.
How to defend/protect against WannaCry?
Security experts recommend four steps to help safeguard your computer from being infected by WannaCry.
- Make sure your computer’s software up to date. Just before the ShadowBrokers hacking group revealed the vulnerability, Microsoft released a patch for the exploit, known as MS17-010. That alone was newsworthy, since Microsoft was patching operating systems that it no longer supported, but clearly a lot of individuals and organizations did not download the patch. In order to avoid infection, immediately confirm that your system software is current.
- Create a full image backup of your system, ideally using a secure backup solution with active ransomware protection. A full image backup includes everything, including files, folders, programs, operating system, and system settings. If your computer becomes encrypted, you can simply restore your system in a matter of minutes.
Since WannaCry also infects backup files, you’ll want to use backup software with active ransomware protection in order to safeguard both your system and your backup files. If your backup solution only offers reactive ransomware monitoring – analyzing newly backed up files – that is not enough.
- Regularly download updates for your anti-malware software to ensure its signature database is up-to-date. That will protect you against already-discovered threats.
- Be alert to how criminals try to get malware on your system. Most viruses get onto your computer when you click on a link or open an attachment in a malicious email that is designed to look safe and lull you into a false sense of trust. You can also pick up infections from malicious online ads and by visiting dubious websites (think illegal or questionable content), as well as infected USB drives. There’s a whole segment of the criminal underground whose sole job is to figure out how to get you to lower your guard and open your door to them. Be wary online.
To protect yourself from the next ransomware attack, you should contact GDK to discuss how you and your computer systems can be protected using the latest Anti-Virus Software with active ransomware protection to ensure your system is protected.
What to do if I’m infected by WannaCry?
If your computer is already infected, it may be too late, but here’s what the experts recommend. Firstly, do NOT click on “decrypt” or “check payment.” Paying the ransom doesn’t always work: one in five users who pay never get the promised remedy. After all, you’re dealing with criminals on the other end of the transaction.
If you can, download and install the patch from Microsoft.
If you have an isolated backup of your system – one that was not connected to the infected computer, like a cloud backup – you can restore your infected files. But keep in mind that WannaCry will try to infect backup files as well, so if you only have a backup on a local drive, you might be out of luck.
There are real benefits to implementing a proactive GDK IT Care Plan to manage your security concerns. You are most welcome to call or email us to discuss your concerns and to investigate how GDK could help you.