WannaCry Ransomware

May 15, 2017

Over the past 72 hours, a massive ransomware attack occurred affecting businesses, government organizations, and individuals in well over 100 countries. The ransomware – called WannaCry (also called WannaCrypt) – encrypts the victim’s hard drive and demands a ransom, paid in the virtual currency bitcoin, equivalent to approximately US$300. IDShield strongly recommends organizations and individuals take action to reduce your risk and prepare for inevitable future similar attacks.   What is Ransomware? Ransomware is a type of malware; once executed on a computer system, it seeks to encrypt a wide range of files, denying the user access, and effectively holding the files “hostage” in return for a monetary payment – a ransom. It prevents users from accessing their computers, files, or mobile devices by holding them for ransom. Users are typically expected to pay high ransom amounts to get access back to their data. Many times, the ransomware will falsely claim that the user has committed a crime with their computer, and that they are being fined by the police department or a government agency.   What is WannaCry? WannaCry is a recent variation of ransomware. It is installed on Windows computers via a worm that spreads across networks by exploiting a vulnerability in Microsoft’s SMB file-sharing services. It specifically abuses a bug that Microsoft patched in March 2017 for modern versions of Windows. Microsoft has also released emergency security patches to defend against the malware for unsupported versions of Windows, such as XP and Server 2003. Here is more information from Microsoft.   How can I avoid ransomware? Best practices to avoid Ransomware include the following safe browsing and email habits: Never respond to spam emails. Open only known or expected attachments. Do not click on links in emails. Always copy and paste links to a browser. Avoid using your email account to register for random or short-term services. Install a strong, updated anti-virus program. Keep your personal devices updated with the latest security patches.   One key thing to do is to back-up your important files either to an external hard drive or an internet/cloud service. With a separate backup of all of your important files, you can still retrieve your information if you are hit by ransomware.   What if my computer gets hit ransomware?                                                    Let’s assume the worst has happened, and you find your computer’s files are locked tight due to ransomware infection. If this happens, stay calm, and consider these actions: Power down. Disconnect your computer from the internet immediately, and power down the computer to prevent any losses until you can figure out how to fix the problem. Look for help from credible sources. If you’ve been hit by a well-known ransomware variant, you may be able to find helpful information online. Cybersecurity experts have been cataloging ransomware for many years, and some have created websites that offer instructions on how to apply decryption keys and get the ransomware off your computer. Restore factory settings to eliminate the problem. Another way to get rid of ransomware is to restore the device to original factory settings. This will wipe the device clean. This option will result in the loss of your programs and files – hence the importance of creating and maintaining backups of all important files. Get hands-on help. If your knowledge of computers is minimal and you think you will have difficulty taking steps to rid your computer of the problem, take it to a computer specialist who can fix the problem for you; the store or website where you bought the computer may offer this service as well.