Like many technology consulting firms, our customers had many questions after the WannaCry ransomware attack. For this article, I consulted Josh Newman, a Senior Associate at Manawa, because of his extensive experience advising, diagnosing and resolving customer issues in data security, malware and viruses.
What is WannaCry / WannaCrypt?
The “WannaCry” ransomware attack started on May 12, 2017 and became an international news story because it quickly infected more than 230,000 computers in over 150 countries.
While ransomware has been around for a number of years, the WannaCry variant is quite viral and spread quickly amongst unpatched and older Microsoft Windows systems as soon as the outbreak started.
What is Ransomware?
Ransomware is defined as malware or malicious software that is designed to silently lock or “encrypt” files on your computer or network without your knowledge. The software then demands payment in exchange for a program that unlocks your encrypted data, making it visible and functional again.
This unlocking is done through an anonymous, untraceable and universal currency called Bitcoin. Unfortunately, it can be difficult to reverse the damage done without either reverting to backups or paying the ransom (often ranging from $300 to $1000+). There is no guarantee you will be able to recover any or all of your files even after paying the ransom.
Ransomware is effective because it often arrives via an infected email attachment, like a Microsoft Word or Excel document, appearing to be from someone you know. Once you open the attachment on a vulnerable computer, it starts to run and can lock the files on your computer and network server without your knowledge.
If you pay attention to one thing in this article, it is this: DO NOT click or open any unexpected attachments from ANY email – even if you recognize the sender – it could permanently lock the files on your computer and entire network.
Here are five tips you can follow to protect yourself against Ransomware:
1. Update Windows security updates immediately
The WannaCry ransomware affects Microsoft operating systems including newer Windows 7 & 8 and older versions of Vista, Windows XP and Windows Server 2003. The security updates for these operating systems can be found here.
If you have a more recent version of Windows, you will be protected from WannaCry as long as the most up-to-date security updates are installed. More recent versions of the Windows operating systems include Windows 10, Windows 8.1, Windows 7, Windows Server 2008, Windows Server 2012, and Windows Server 2016. The security updates for all Microsoft operating systems are here.
2 Enable or turn on automatic software updates
All software has bugs and vulnerabilities. Software developers like Microsoft must release software and security updates regularly for operating systems and software applications.
Always keep automatic updates turned on for computers and mobile devices to minimize exposure to a breach. This allows for computers and devices to be updated quickly and usually automatically as soon as updates and patches become available.
3 Scan suspicious files and email attachments online
The most important lesson from the WannaCry ransomware outbreak is to always be diligent and extremely careful when opening ANY and ALL email attachments.
If you are suspicious of a file or link that was sent to you, you can scan it using an online anti-virus service. One example is VirusTotal, a free online service that analyzes suspicious files and URLs and quickly detects viruses, works, trojans and most types of malware. It scans files, URLs, domains and IP addresses using 40+ different antivirus scanners.
If you receive an unsolicited email from someone you know or don’t know and it has an attachment (often claiming to be something important), always double check before opening. If you are unsure you can forward the email with the attachment intact to firstname.lastname@example.org and replace the subject with the word SCAN. You will receive a report if the attachment is clean or not.
4 Back up your important files
Ensure important files are being saved to your network shared or personal folder(s). If you have a stand-alone computer, ensure files are backed up to an external backup disk drive or to an online cloud-based backup service. Note that many variants of ransomware can infect external backup hard drives – so ideally disconnect these drives when not in use.
For Manawa customers on a Managed Service Agreement, there are a number of safeguards on your computer system and network to reduce the exposure to malware and viruses. However, nothing is 100% safe and the best protection is common sense and double-checking before opening ANY email attachment or clicking ANY link received via email.
5 Install anti-malware software
If you have up-to-date anti-virus software installed on your computer, it may not detect all forms of malware. There are almost 12 million new malware variants discovered every month with more newer malware in the past two years than the previous decade.
If you are running Windows 10, it comes with Windows Defender, which has new security features to detect and prevent viruses and malware from infecting your PC. Unfortunately, the default settings are not optimized for security. For information on how to further optimize Windows 10 security, please visit this Windows 10 tips page here.
Additionally, Malwarebytes Anti-Malware is a reputable free security tool. It complements your anti-virus program and does an excellent job of detecting malware variants that often go undetected with other tools. Malwarebytes or similar Anti-Malware software adds an extra layer of protection beyond using an anti-virus program alone.
Can you get WannaCry Ransomware on your phone?
The current form of WannaCry ransomware is a Windows Desktop Operating System specific malware. It is designed to infect Windows Systems and files and is not a threat to mobile operating systems like Android and iOS. However, the lesson from above is to always take precautions regarding suspicious links in emails or email attachments. If you have any doubt, do not click or open.