WannaCry Ransomware Attack: What You Need to Know

Since being unleashed on 12 May 2017, the WannaCry Ransomware attack has become the largest ransomware event in history, crippling 200,000 computers in more than 150 countries. While it was briefly slowed (accidentally, as it turns out) by a British security expert, criminals have since updated the malware. It continues to spread at an alarming rate.

A lot of media attention has focused on the organizations affected by WannaCry – notably FedEx, Nissan, Spain’s Telefonica, Britain’s National Health Service, the Russian Interior Ministry, and Germany's rail network. Maybe reporters assume multinational corporations and branches of government have been vigilant and are better at keeping their computer systems up-to-date. (Turns out, they aren’t.)

But for individuals, families, and small office/home office users, WannaCry and other ransomware programs continue to pose a serious threat to their data ... even if the impact on consumers doesn’t receive the same media attention.

What is Ransomware?

Ransomware is a particularly vicious type of malware that infects your computer, blocks you from accessing your data, and demands a ransom in order to regain control of your files. Typically, ransomware will encrypt all of the files and then post a message that promises to decrypt the files if the ransom is paid … or destroy them if not.

What is WannaCry?

WannaCry is a piece of ransomware that is also known as WannaCrypt (as well as WanaCrypt0r 2.0, Wanna Decryptor 2.0, WCry 2, WannaCry 2 and Wanna Decryptor 2). What it’s called isn’t as important as what it does.

What’s been so devastating about WannaCry is how quickly it spread. Leveraging a vulnerability in Windows with the worm-like exploit called EternalBlue (which originated with the USA’s National Security Agency, but was made public by the Shadow Brokers hacking group), WannaCry exploits a flaw in Microsoft’s network file sharing protocol. It seeks out other vulnerable computers on the network to infect, which allows it to spread at an exponential rate.

The ransom for WannaCry starts at $300 in Bitcoin (the untraceable online crypto-currency), but as time goes on the amount required to unlock your files increases. (With more than 200,000 computers infected, that potentially represents $60 million in ill-gotten gains.)

Doesn’t my anti-virus software protect me?

Using quality anti-virus and anti-malware software is absolutely vital to a strong data protection plan. However, it is important to recognize that new ransomware threats cannot be stopped by those solutions. Here’s why.

Anti-malware programs work by comparing any unknown program trying to run on your computer against a list of known threats that security researchers have already identified. That helps avoid known malware threats, but it doesn’t account for so-called zero-day exploits: malware that exploits vulnerabilities that have not yet been discovered by the security community.

WannaCry used a zero-day threat to exploit a Microsoft vulnerability that had only recently been uncovered. Microsoft issued a software patch to close that hole, but not all its customers had gotten around to installing it. The combination of unknown threat (invisible to signature-based anti-malware measures), unpatched vulnerability, and very effective replication led to the WannaCry pandemic.  
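The signature matching described above can be shown with a short added example (not code from any anti-malware product). The `SignatureDB` class, the threat name and the sample byte strings are all constructed for illustration; the samples are harmless stand-ins for program files.

```python
import hashlib

# Constructed stand-ins for program files: harmless byte strings, not real malware.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"demo-locker-v1:" + b"ENCRYPT_ALL_FILES" + b"\x00" * 8
VARIANT_SAMPLE = KNOWN_SAMPLE + b"\x01"   # same code as the known sample, file differs by one byte
NEW_FAMILY = b"MZ\x90\x00" + b"other-locker:" + b"SCRAMBLE_DOCS" + b"\x00" * 8
BENIGN = b"MZ\x90\x00" + b"calculator" + b"\x00" * 8


class SignatureDB:
    """Hypothetical signature database: exact file hashes plus byte patterns."""

    def __init__(self):
        self.hashes = {}    # SHA-256 hex digest -> threat name
        self.patterns = {}  # byte pattern -> threat name

    def add_sample(self, name, data, pattern):
        """Record signatures for a sample that researchers have already analysed."""
        self.hashes[hashlib.sha256(data).hexdigest()] = name
        self.patterns[pattern] = name

    def scan(self, data):
        """Return (threat name or None, how the verdict was reached)."""
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.hashes:
            return self.hashes[digest], "hash"
        for pattern, name in self.patterns.items():
            if pattern in data:
                return name, "pattern"
        return None, "no signature"


def run_demo():
    db = SignatureDB()
    db.add_sample("Demo.Locker", KNOWN_SAMPLE, b"ENCRYPT_ALL_FILES")
    samples = {"known": KNOWN_SAMPLE, "variant": VARIANT_SAMPLE,
               "new_family": NEW_FAMILY, "benign": BENIGN}
    return {label: db.scan(data) for label, data in samples.items()}


if __name__ == "__main__":
    for label, (verdict, how) in run_demo().items():
        print(f"{label:10s} -> {verdict or 'not flagged'} ({how})")
```

The never-before-seen family and the benign program get the same verdict, which is why signature updates have to be paired with patching and backups.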

How to defend/protect against WannaCry?

Security experts recommend four steps to help safeguard your computer from being infected by WannaCry.

  1. Make sure your computer’s software is up to date. Just before the Shadow Brokers hacking group revealed the vulnerability, Microsoft released a patch for the exploit, known as MS17-010. That alone was newsworthy, since Microsoft was patching operating systems that it no longer supported, but clearly a lot of individuals and organizations did not download the patch. In order to avoid infection, immediately confirm that your system software is current.
     
  2. Create a full image backup of your system, ideally using a secure backup solution with active ransomware protection. A full image backup includes everything, including files, folders, programs, operating system, and system settings. If your computer becomes encrypted, you can simply restore your system in a matter of minutes.

    Since WannaCry also infects backup files, you’ll want to use backup software with active ransomware protection in order to safeguard both your system and your backup files. If your backup solution only offers reactive ransomware monitoring – analyzing newly backed up files – that is not enough.
     
  3. Regularly download updates for your anti-malware software to ensure its signature database is up-to-date. That will protect you against already-discovered threats.
     
  4. Be alert to how criminals try to get malware on your system. Most viruses get onto your computer when you click on a link or open an attachment in a malicious email that is designed to look safe and lull you into a false sense of trust. You can also pick up infections from malicious online ads and by visiting dubious websites (think illegal or questionable content), as well as infected USB drives. There’s a whole segment of the criminal underground whose sole job is to figure out how to get you to lower your guard and open your door to them. Be wary online.

To protect yourself from the next ransomware attack, contact GDK to discuss how you and your computer systems can be protected using the latest anti-virus software with active ransomware protection.

What to do if I’m infected by WannaCry?

If your computer is already infected, it may be too late, but here’s what the experts recommend. Firstly, do NOT click on “decrypt” or “check payment.” Paying the ransom doesn’t always work: one in five users who pay never get the promised remedy. After all, you’re dealing with criminals on the other end of the transaction.

If you can, download and install the patch from Microsoft.

If you have an isolated backup of your system – one that was not connected to the infected computer, like a cloud backup – you can restore your infected files. But keep in mind that WannaCry will try to infect backup files as well, so if you only have a backup on a local drive, you might be out of luck.


There are real benefits to implementing a proactive GDK IT Care Plan to manage your security concerns. You are most welcome to call or email us to discuss your concerns and to investigate how GDK could help you.

 

Benefits of adding additional Memory to your Servers

Memory is what feeds processing cores; it’s one of the most effective and affordable ways to improve CPU utilisation and efficiency.
There are huge benefits of adding additional Memory (RAM) to your Servers that include:

  • It’s the fastest, easiest, most dependable way to increase Server performance
  • When CPUs are fully utilised, you will be able to use fewer Servers to accomplish more
  • Fewer Servers keeps power, cooling, and software licensing costs lower
  • It’s one of the best ways to cut costs and overcome workload constraints.

Additional Memory helps overcome 5 top server workload constraints:

  1. Limited budget: More memory helps increase CPU efficiency and utilisation, which in turn decreases a server’s cost of ownership because users are getting more performance out of it and are able to use fewer servers to accomplish more.
  2. Unexpected or unpredictable workload demands: More RAM helps eliminate quality of service variance because it provides extra resources for virtualised applications to store and use active data, which lives in memory.
  3. Limited floor space: Scaling up and using fewer servers optimises limited floor space and cuts power, cooling and software license costs.
  4. Rapid growth in user base: Hosting more users requires more RAM to maintain quality of service levels and gain system flexibility.
  5. High power and cooling costs: More RAM helps servers use power in the most efficient manner, and using fewer servers lowers total energy costs.

The bottom line:
Improve workload performance with more Memory, not necessarily more Servers

For more information, please contact us to discuss how we can help.

11 Tips on Internet Security

In recent times, the GDK Helpdesk has experienced a significant rise in Internet threats, in particular ransomware such as Cryptolocker and Xepto. In most cases the solution to this problem was to restore from the last known good backup. GDK are taking this opportunity to remind our clients and our contacts of some of the best practices in relation to Internet and email usage. We are also making some suggestions below in relation to the multi-layered security approach that is now required to ensure a successful IT business continuity plan.

  1. Use a Managed Antivirus product and ensure it is active and up to date on your Servers, workstations, PCs and Tablets.
  2. Be careful of opening emails from both known and unknown sources that look suspicious.
  3. Think twice and remain critical when opening attachments in e-mails or files downloaded from the Internet.
    Ask yourself if you trust the source and if they would send you this type of Email in the first place. Email addresses from the sender may be fabricated to look like yours.
    Never click links in emails or texts that seem to come from your bank, the Revenue or any other institution. If you think the message might be valid, log into your account directly, without using the supplied link.
  4. Be cautious with your passwords; don't use personal names, don't share them, make them difficult to break, use complex passwords. Implement a password change policy.
  5. Avoid using the internet to access your sensitive data in cafes or public places.
  6. Never leave your devices unattended.
  7. Keep all software applications up-to-date with the latest patches, including Microsoft Operating Systems.
  8. Disable Java on your browser.
  9. Nothing is free. Be particularly careful of the source for free apps or software.  
  10. Don’t trust anything on the internet (even legitimate Web sites could end up delivering malware).  
  11. Back up your Data on all devices – not just your computer, but also your phone and your tablet – ideally in both a local and cloud destination. Test the restore capabilities on a regular basis.

What should Business Clients do?

  • Implement a robust data recovery procedure
  • Implement a multi layered security approach that would include:
    • Mail Protection (Includes anti-spam)
    • Server & Work Station Antivirus with up-to-date bit patterns
    • Implement a Workstation Management Policy which manages the Patch updating from all software applications.
    • Implement Web Protection on all workstations to avoid access to known malware internet sites
    • Insist on Firewall protection with additional security at the gateway for Antivirus, Anti Spyware and Intrusion prevention.
    • Configure your firewall to ensure remote users are who they say they are.

Call GDK for further information and how we have successfully implemented our Business IT Care plan for many clients.