It seems like everywhere I go this week people are talking about “the worm”. From my dentist to baseball practice, everyone wants to know how to be protected. If you’ve been out of the loop, last Friday, May 12, unknown hackers carried out one of the biggest cyberattacks to date, spreading a worm dubbed WannaCry, a “ransomware” that locked up more than 200,000 computers in more than 150 countries. This attack, spread via email, was allegedly stolen from the National Security Agency and it only affects Microsoft Windows systems. Once WannaCry enters a PC or server, it locks all the files. The attack is particularly dangerous for businesses, as it takes just one employee for the attack to spread across the entire network, without any user interaction. The hackers then asked users to pay hundreds of dollars in ransom to unlock their data.
Our best advice… first, stay skeptical of any unknown or unexpected emails and attachments. Education for you and your team is the best first step.
Next, make sure your servers and computers all have the latest updates. The good news on this particular ransomware is that Microsoft has provided a security update that provides protection against this potential attack. If you use their free anti-virus software and have Windows Update enabled, you should be protected. However, if your patching is inconsistent or if you have outdated operating systems, you likely have computers that are vulnerable. Microsoft has taken the “highly unusual” step to provide public patches for Windows operating systems that are in custom support only. This includes specific fixes for Windows XP, Windows 8, and Windows Server 2003.
Lastly, make sure you have implemented a data back-up and recovery plan to maintain copies of your data in a separate and secure location. Backup copies of sensitive data should not be readily accessible from local networks. Test your backups regularly to ensure they work correctly upon use.
So what do you do if you already clicked on a suspicious email? If an attack is suspected or detected in its early stages, unplug and shut down the infected computer. The attack is likely going to warn you not to “disconnect from the Internet or turn off the computer” – don’t listen! Unplugging your computer may save some of your files. If you suspect that the attack has been downloaded, remove the infected computer from the network immediately and seek assistance.
Luckily, WannaCry was stopped by a security researcher who found the malware connected to a specific domain that wasn’t registered. He bought the domain for $10, and that effectively activated a kill switch and ended the spread of WannaCry. Nevertheless, we may not have seen the end of WannaCry; we’ve already heard rumblings of variants of WannaCry beginning to make the rounds. Stay vigilant, make sure your patches are updated and call for help if you need it!