WannaCry ransomware is a serious problem: it has infected tens of thousands of computers and caused serious damage to services. For example, WannaCry infected NHS Trusts across the UK, causing major problems up to and including forcing infected hospitals to divert ambulances to other hospitals. Ransomware in general is a serious problem that can be addressed by always keeping your computer fully patched, using a strong antivirus and keeping it updated, and having a hardware firewall to protect you at the network level. Yes, Microsoft resolved the exploit in a March patch. Did that help? Yes, but it helped only the people who patched their computers, and the fact that tens of thousands of computers have been infected all around the world shows that not everyone regularly maintains their computers. Exploits will always exist and will continuously be resolved with patches, which is why computers and servers always need to be kept updated.
WannaCry ransomware encrypts over 150 file types, from simple Word and Excel documents to SQL (database) files. The bottom line is that you need to do the following:
- Keep your computers and servers fully updated.
- Use a strong antivirus and keep it updated.
- Use a strong firewall with advanced protection to protect everyone at the network level.
- Spread user awareness by asking staff and colleagues not to open any attachment with the extensions .zip, .rar, .exe or .bat, and not to click on any links in emails without being 100% sure they need to click on them.
- Ensure you have a solid disaster recovery plan and test it periodically. To ensure your backups can also survive environmental disasters, we recommend using ioSafe products, which we currently use for our clients.
Update: June 28th 2017
A new ransomware named GoldenEye is now using the same exploit WannaCry used and is causing serious damage. Companies that have not patched their computers are advised to do so as soon as possible. Please follow the above notes to protect your network.
Ukraine: “As a result of these cyber attacks these banks are having difficulties with client services and carrying out banking operations,” the central bank said in a statement.
Russia: Russia’s Rosneft, one of the world’s biggest crude producers by volume, said its systems had suffered “serious consequences” from the attack. It said it avoided any impact on oil production by switching to backup systems.
BitDefender, a security firm:
“There is no workaround to help victims retrieve the decryption keys from the computer”.
“The email address that was used by the threat actors to get payment confirmations has been suspended by Posteo. This means that all payments made overnight will be unable to get validated, and therefore will surely not receive the decryption key. Not that we have ever advised otherwise, but if you’re planning to pay the ransom, stop now. You’ll lose your data anyway, but you’ll contribute in funding the development of new malware. Even so, there have been 15 payments made after the suspension of the e-mail address. The wallet now totals 3.64053686 BTC out of 40 payments, with a net worth of $US 9,000.”
CompuFix can help with ransomware. We use a strong combination of best-in-class antivirus and network firewalls which have blocked tens of thousands of threats to date. Contact us today to see how partnering with CompuFix will benefit your company.