WanaCrypt0r – Will Make You WannaCry

This ransomware targets computers running on unpatched or unsupported versions of Windows. Once a PC is infected, it then scans for all other vulnerable computers on the same network. In March of this year, Microsoft applied patches to its currently supported operating systems but due to the cessation of support for older operating systems such as Windows XP, many machines were left wide open to this exploit. Whilst ransomware is nothing new, this particular variant is outstanding due to the incredible speed that it spreads as well as the high profile targets it’s aimed at. It uses strong RSA-2048 encryption which makes it next to impossible to decrypt.

At the time of writing this, reports of over 250,000 computers across 150 countries have been affected. The victims have been hospitals, telecommunications, courier services as well as many others. 
In Australia, only a few instances have been reported however it’s still early and now that Monday is upon us, we are certain there will be a great deal more. 
The question has been raised as to why so many computers have fallen victim to this attack but the answer is simple: many organisations as well as users have not caught up with security updates and security practices. A great many number of PC’s in business environments as well as homes are not only still running an unsupported Microsoft operating system, (namely, Windows XP) but are not ensuring that Windows Updates are being applied.

We know that thanks to the quick thinking of a MalwareTech researcher, this current wave of attacks by WannaCry were thwarted by the registering of a website domain (hidden in the malware) which brought the spread of the ransomware on a system to a halt. Registration of this website created a ‘sinkhole’ which redirected traffic from the infected computers to a self-controlled system. That said, the threat is far from over. WannaCry, as with other ransomware and malware, was spread in the usual ways long before this and will continue to do so in the future.

Now that the bad actors are aware of the flaw you can guarantee that they will be re-writing, re-working and re-deploying this ransomware as soon as possible. 
This means it’s time to suit up and protect your assets.

 

What You Need To Do

If you aren’t already and still haven’t done so, make sure your PC’s are up-to-date. Don’t assume that they are or that you in particular are safe because believe it or not, ransomware does not discriminate.

If you are running Windows 10, you are generally safe as the particular vulnerability that WannaCry targets exists only in older version of Windows.
For users running Windows Vista, Windows 7 or Windows 8.1, if your PC has been regularly updated it will have already installed the update that contained the patch, back in March. Businesses running Windows Server 2008, 2008 R2, 2012, 2012 R2 or 2016 will have also received the patch.
If you aren’t sure or you know that your system is behind, you should update immediately. The patch that applies directly to this vulnerability is MS17-010. Patches can be found at the bottom of the Customer Guidance for WannaCrypt Attacks post by Microsoft.

Educate your employees and yourself in the best practices for computer security. Knowing what not to click or open should form the basis of any staff training where the use of a computer is involved in a day-to-day job.

 

Is Up-To-Date Patching Enough?

Patching only provides a ‘patch’ over the ‘hole’ in the code of the operating system. WannaCry, as with any ransomware on the market, can still target you via a link or a download in an email or in a drive-by website visit. 
You should never rely on patches wholly and solely to provide security. At the very least, your PC should have a good, reputable antivirus program installed and where possible, a secondary malware detection program such as MalwareBytes. 
Businesses should have a secure, multi-function threat management firewall appliance, of course our firewall of choice and the only one we recommend to our customers, is a WatchGuard device.

Businesses often feel that the cost involved with both security, computer and/or operating system upgrades is either too much or an unnecessary trend however this is simply not the case. If your business relies on computers to operate, it is imperative that they are secure, current and efficient.

Backing up your data regularly is an essential step for both business and home. If ransomware does get through your defences, the threat will be nothing more than an inconvenience because you will still have your data. When backing up data, ensure that once your backup is complete, your drive is removed.
An automated, secure off-site backup can take the hassle out of needing to switch drives daily and as an addition to on-site backup, provides a dual safety net for your data.

Finally, if you or your business are still running computers on Windows XP, there has never been a better reason to upgrade.

 

For help, support or guidance on any of the above, don’t hesitate to contact us.