Everything You Need to Know About “WannaCry”


Imagine going into work next Monday, and booting up your Windows computer, only to find this message:

Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted…if you want to decrypt all your files, you need to pay. You have three days to submit the payment. After that the price will be doubled. If you don’t pay in seven days you will lose your files forever.

That’s what happened to hundreds of thousands of computers this week. On Friday, May 12, a global ransomware cyber attack hit, affecting computers in 104 countries. The effects included:

  • In the United States, FedEx was reportedly affected.
  • In Spain, telecom and gas companies were hit.
  • In the UK, at least 16 hospitals had to divert patients from their ERs as multiple computer systems locked up.
  • In France, carmaker Renault reported factory shutdowns as the virus halted production.
  • Russia’s interior ministry said 1,000 government computers were disrupted.

It was one of the biggest cyber attacks to date. The malware, or computer virus, has been called WannaCrypt, WanaDecrypt, and WannaCry. The virus spread via a file sharing vulnerability in Windows. Microsoft issued a patch to plug this security breach back in March, but older machines didn’t support the security patch.

On Monday, BBC News reported that approximately $70,000 had been paid to the cyber terrorists.

What’s Ransomware?

Ransomware is the latest malware that locks your precious files and requires you to pay to retrieve them. It installs an extortion message on your screen, usually with a ticking clock, telling you to pay the ransom or your files go kaput. Ransomware causes the following troublesome effects:

  • You will not be able to run any programs on your computer, except the one that allows you to cough up the cash.
  • It encrypts your data so you can’t open it.
  • It stops you from browsing the Internet.
  • It halts any non-essential programs that were running when the infection occurred.

Usually, you pick up this virus through file sharing or clicking on a link that you shouldn't have. Oops.

Kaspersky Lab says ransomware isn’t just a virus – it’s an epidemic of global proportions. The Ponemon Institute reported that by the fourth quarter, 2016, there were more than 4,000 ransomware attacks every day. In 2015 the figure was 1,000 attacks per day.

In 2016, cyber bullies started targeting American hospitals to reach sensitive patient data. Some hospitals have paid the ransom.

Krebs on Security points out that these types of viruses are designed to instill fear so that you feel compelled to pay the ransom. However, experts say, "Don't do it."

Despite this, ZDNet reports the majority of companies pay, but with mixed results. Cyber criminals are, after all, criminals, so there is no guarantee that paying the ransom will decrypt your files.

How to Protect Your Business After WannaCry

It’s well past time for businesses, whether small or enterprise-level, to begin having a consistent dialogue about the risk of cyber terrorism. Business leadership should take an active interest in what should be an evolving, proactive plan for network security. Company executives and information technologists must now join together in dialogue around how the technology we’re so dependent upon is heightening our vulnerabilities for cyberattacks.

Here are four key security initiatives to undertake in preparation for the next round of malware that is surely coming soon:

1. Get Patched Up

Microsoft has now offered a patch for anyone running Windows XP, Windows 8, and Windows Server 2003. Click here to see the alert and download the patch.

2. Upgrade

Many businesses are still operating on legacy platforms. If you're still running an old operating system such as XP, it may be time for an upgrade. Investing in firewalls, malware protection, and encryption is part of creating a fully secure network. But it also means planning for redundancy, backups, and crisis recovery.

3. Train Staff on Safe Computing

Most of these viruses are launched because an unsuspecting person in the organization is tricked into opening a file or clicking a link. Security education is a vital part of keeping your network safe.

4. Let the Pros Handle It

An IT managed service provider can proactively monitor the security of your network 24/7. The threats are constantly evolving, so having an external security expert can help your organization stay proactive in the fight against cybercrime.

How Can I Protect Myself?

According to the FBI, the latest round of ransomware attacks has been geared more toward businesses than individuals. This doesn’t mean you should breathe a sigh of relief. One click of the wrong link and you could find yourself a victim of ransomware.

Run backups

A Carbonite study showed that, while the majority of companies that fell victim to ransomware paid up, the ones that didn’t pay had full backups of all their files. These backups should not be connected to the computer you’re backing up.

Look at the link

The best protection from any malware is to never click on a link or download a file from an email user you do not know. Hackers have gotten very savvy. You may get an email that seems to be from your credit card company. But always scrutinize the email link to determine if it's legitimate. Better yet, call the company to see if the email is real.

Be Careful With Downloads

Do you really want to download that free software? Are you sure it’s from a site you can trust? Make sure you are carefully considering the source before downloading any files from the Internet. The risks are real.

Preparing for the Next WannaCry

Ransomware attacks impact businesses and individuals. Service disruption, and data and financial loss can all result from these attacks. Moving forward from WannaCry means taking security seriously – before the next cyber attack is launched.

CWPS offers a four-part Defense-in-Depth Strategy for proactively preventing cyber security breaches. Contact us today for a confidential assessment.

Second Wave of Ransomware Expected to Hit Businesses

Over the weekend, “WannaCry,” a malicious worldwide ransomware attack, crippled hundreds of thousands of end-users and organizations, including hospitals, universities, manufacturers and government agencies in countries across the world.

"WannaCry" took advantage of a vulnerability known as EternalBlue, which exploits the Microsoft Windows SMB protocol. Hackers began their attack by distributing random phishing emails with the virus attached. Once end-users opened the attachment, the virus would encrypt files on their computer and lock them out. Users were prompted to pay a ransom in the form of bitcoins to obtain their data.

The virus, still not contained, has the potential to access multiple systems and computers across the world. Experts have advised individuals and organizations to install all available security updates immediately.

WHAT YOU SHOULD KNOW

  • Next-Gen Endpoint Protection is available to predict and prevent WannaCry ransomware for WINDOWS, MAC and LINUX endpoints both online and offline and embedded Windows.
  • Comprehensive patching systems are a must to ensure that the updates cited in the Microsoft Security Bulletin Summary for March 2017, and others, are installed properly.
  • The initial infection vector for WannaCry seems to have been a phishing attack where fake invoices, job offers and lures are being sent to random email addresses. You must protect against the crippling effects of human error.

CWPS CLOUD ASSIST SECURITY FOUNDATIONS

CWPS Cloud Assist Security Foundations provides your organization with the multilayer protection service that prevents, protects and educates end-users from becoming a victim of ransomware.

  • Secure Internet Gateway. The first step toward advanced cyber security is to predict attacks before they happen and expand your threat protection beyond the perimeter by removing your DNS blind spot. Protect your users anywhere they access the internet from ever more sophisticated cyber attackers before they can even launch.
  • NextGen Endpoint Protection. Our next level of defense is to protect your endpoints in the event an attacker does get through. Our next-generation antivirus solution uses an artificial intelligence and machine learning approach to predict, identify and prevent both known and Day Zero cyber threats from ever executing or causing harm to your endpoints.
  • Security Awareness. Finally, we believe one of the greatest ways of protecting your environment is to deploy systematic security awareness training to your employees. All companies have employees who are frequently exposed to advanced phishing attacks and they can become the weak link in your security. We can help companies manage the continuing problem of social engineering.

Contact us for a consultation at connect@cwps.com