PSA: Everything you want to know about the WannaCry ransomware


David Meego - Click for blog homepageCybersecurity is back in the news this week.

The WannaCry ransomware or crypto-virus has infected many computers around the world and highlighted that the threat of scams, viruses, trojans, worms and ransomware is very real and that you need to be forever vigilant to keep your systems and your data safe.

In this article I want to remind everyone of some easy and simple ways to keep yourself safe.

The story of the WannaCry ransomware is interesting as it starts with an exploit found when NSA hacking tools were leaked earlier this year. After the exploit was identified, Microsoft quickly patched it in all supported versions of Windows back in March 2017.

So all the computers running supported versions of Windows and kept up-to-date by Windows Update were safe even before the ransomware was released into the wild. The problem is those consumers and companies that are still running old versions of Windows, especially Windows XP as well as companies and users that stop Windows Update from keeping the systems secure.

So enter the WannaCry ransomware which spread like wildfire amongst unprotected machines, encrypting their data and documents and demanding a payment to recover the files with the added time incentives to increase the ransom and the threat to permanently delete the files.

The damage from the virus has been slowed now due to a security researcher, MalwareTech (@MalwareTechBlog), identifying that the virus called out to a specific internet domain. The domain was not registered, so he registered it and realised that the virus stopped activating if the domain was found. It still spreads, but does not encrypt the infected machine’s data. By accident, he stopped a global cyber attack (see How to Accidentally Stop a Global Cyber Attacks). Also, in an unprecedented move, Microsoft released Windows Updates for unsupported operating systems to fix the issue in Windows XP and Windows Server 2003.

For a complete run down, please have a read of the great blog article by Troy Hunt MVP. You might know of Troy from his great Have I Been Pwned site (see PSA: ‘;–have i been pwned).

So now you have some background on the issue, what can you do to stay safe? This is advice for companies as well as individuals:

  • Update your Operating Systems. Make sure you stay on a supported version of Windows, or even better on the latest version of Windows which is the most secure. In short, stop using Windows XP and get all your machines upgraded to Windows 10. For companies complaining about the costs of upgrades, what are the costs of losing all your data?
  • Make sure that Windows Update is running and keep your machines updated with the latest security patches and driver fixes.
  • Have an anti-virus installed and keep it up to date. I just use Windows Defender that comes with Windows. Sadly, anti-virus programs often cannot protect from these sorts of attacks.
  • Don’t open suspicious emails or open attachments. Most successful attacks and hacks in recent years have not been from viruses or trojans. They have been because users were tricked by phishing and social engineering scams into giving their credentials away on fake websites or executing malicious software.
  • Finally and most important…. BACKUP. You must have your data (photos, documents, music) backed up to an external drive that is not always connected to your machine. Better still use two or more drives and rotate them offsite. Cloud storage is good, but it is usually synchronized and so still at risk from ransomware, see Backups and Cloud Storage.

Just a side note, it is not always malicious software that is a problem. Last week I received a Facebook friend request… from someone who was already a friend. Looking at the profile, it had a profile picture but no more information, no other pictures, postings or history. I contacted this friend via phone and she said it was not her. This was a scammer spoofing my friend in an attempt to fool her friends. My friends’ account had not been hacked, her password was not cracked, her account was locked down to friends only. The scammer was still able to fool a number of people, until we reported the account and got it shut down. We posted on the real account to explain what was happening and warn friends and we changed the Facebook password as a precaution.

For more information see:

Keep safe. There are a lot of a#%@holes out there.

David

15-May-2017: Added link to Microsoft article brought to my notice by Beat Bucher, as well as other related articles.

16-May-2017: Updated details to describe how registering the domain name stops the ransomware from activating, but does not stop it spreading. Added more links from Microsoft.

This article was originally posted on http://www.winthropdc.com/blog.

Advertisements

3 thoughts on “PSA: Everything you want to know about the WannaCry ransomware

Please post feedback or comments

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s