As you may be aware, a serious and vicious piece of malware made its rounds over this past weekend. It goes by many names (WannaCrypt, WannaCry, or Wncry), and it has already infected over 200,000 computers across more than 100 countries. Any unpatched computer may still be vulnerable to WannaCrypt and any of its variants. Researchers have announced that WannaCrypt 2.0 is beginning to spread along with other variants.
These all fall into the category of malware known as ransomware.
The malware will encrypt files on the computer and then display a message demanding a ransom be paid before restoring access to these files. WannaCrypt, in particular, has demanded users shell out $300 to $1,000 in Bitcoins to regain access to their systems. This will effectively render the computer useless until the ransomware is removed and the files restored from backup.
Because not everyone has complete backups, or any backups at all, this type of malware can be devastating to a business: the files may not be recoverable, potentially losing days, weeks, months, or even years of work.
How does this happen?
Ransomware has been around for years. It began in 1989 and, throughout the years, has developed into complex malware. However, WannaCrypt is particularly difficult because the attackers gained their resources from an NSA leak. WannaCrypt took advantage of a hole in Windows Server Message Block (SMB) connections, which are used to transfer files and data between authenticated computers.
The primary delivery method of WannaCrypt ransomware is through email. Be extremely cautious of any email you receive with an attachment even if the sender is known to you. If there is an attachment, especially a .zip file, delete the whole email and never open the attached file. Remember: “When in doubt, throw it out!”
WannaCrypt does not discriminate. Businesses like FedEx and Renault, various universities worldwide, hospitals across Europe, and even Russia’s Interior Ministry and telecommunications company, Megafon, were all hit by WannaCrypt. Patches have been made by Windows, but it is extremely likely that similar ransomware will strike again.
How to prevent a ransomware attack.
Intellithought can assist with making certain the machines on your network have the appropriate Microsoft patches that close the security hole currently being exploited by WannaCry and its variants. Services range from a Basic security package for personal users to Real-Time Monitoring for bigger companies and businesses.
We also provide Intellithought Phoenix, which can provide effective patch management and anti-virus/anti-malware to protect against malware such as WannaCry. Phoenix will allow Intellithought to make certain that the computers on your network have the most up-to-date security patches and are running up-to-date anti-virus/anti-malware software. Contact us to receive more information on Phoenix.