What Is It, Who Does It Affect, And What Does It Do?
WannaCrypt is a ransomware program targeting older versions of Windows. The most affected computers are those with Windows XP, Vista, Server 2003, and Windows 8 on them. The newer Windows 10 forces updates by default and Microsoft pushed out an update to mitigate this issue.
On Friday, May 12th, 2017, a large cyber-attack using WannaCrypt (aka WannaCry Ransomware) was launched. This attack ended up infecting more than 230,000 computers in 150 countries. Once a computer is infected with this ransomware, it locks the data (i.e. pictures, videos, documents, and other sensitive files) that is on the computer and demands ransom payments in the form of cryptocurrency bitcoin (see picture below). If the ransom is not paid in time, your data (i.e. pictures, videos, documents, and other sensitive files) will be deleted.
How Did It Spread And How Can I Mitigate The Risk Of Getting It?
This ransomware was being spread primarily by phishing emails (most commonly links or attachments) and as a “worm” on “unpatched systems” (or computers that are not kept up-to-date with their software security). This is why it’s important to keep the software on your computers and systems up-to-date.
Also, keep human behavior in mind as a mitigating factor for virus and malware infections. If nobody in your organization opens a malicious email, that risk is completely mitigated which saves a huge amount of headaches and time.
Who Has This Affected?
This most recent attack affected Telefónica and several other large companies in Spain, as well as parts of Britain’s National Health Service, FedEx, Deutsche Bahn, and LATAM Airlines. Other targets in at least 99 countries were also reported to have been attacked around the same time.
Where Did It Come From?
WannaCry is believed to use the EternalBlue exploit, which was developed by the U.S. National Security Agency (NSA) to attack computers running Microsoft Windows operating systems.
Slowing The Spread, But…
A patch to remove the underlying vulnerability for supported systems (Windows Vista and later operating systems) was issued on March 14th, 2017. However, delays in applying security updates and a lack of support by Microsoft of legacy versions of Windows left many users vulnerable.
Due to the scale of the attack, to deal with the unsupported Windows systems and to contain the spread of the ransomware, Microsoft has taken the unusual step of releasing updates for all older unsupported operating systems from Windows XP onwards.
Shortly after the attack began, a researcher found an effective kill switch, which prevented many new infections and allowed time to patch systems. This significantly slowed the spread. It was later reported that new versions that lack the kill switch were detected. Cyber security experts also warn of a second wave of the attack due to such variants and the beginning of the new workweek.
What’s Next?
As always:
- Be sure your Windows is up-to-date. Windows XP users should consider upgrading where possible. The vulnerabilities for that operating system will not go away.
- Don’t click on questionable links in an email (especially from someone you don’t know).
- Don’t open questionable file attachments (especially from someone you don’t know).
- Regularly back up your data (i.e. pictures, videos, documents, and other sensitive files). You can back up your data to the cloud, or another drive.
Need Help With Keeping Yourself Protected And Secure?
We’re here to help and can assist with various tasks. One of the first things we can do to help is to analyze the current condition of your computers, servers, and other devices with a no cost, no obligation, free IT assessment.
After the assessment, we can patch your systems and keep them up-to-date on an on-going basis. If you’re looking for better protection, we also provide antivirus and anti-malware protection (we’ll keep that up-to-date as well).
For the best protection, we recommend to stay backed up to the cloud as well. This keeps you extremely protected from many types of disasters or unpleasant events. We’re happy to assist with that too.
*See more details at: https://media-moon.com/managed-service-provider-msp/
