It’s a Cryptolocker variant that is catching unprepared victims off guard, hitting them where it hurts most: their data. WannaCry is just that, a ransomware that will make you want to cry.
What is WannaCry
Similar to other viruses and malware, WannaCry is designed to infect your computer with a ransomware that encrypts your individual files. Once encrypted, your files become unusable until they are unencrypted. The only way this can happen is if you pay the ransom by transferring money to the cybercriminal in an online currency called Bitcoin.
Bitcoin is an electronic currency that has been a favourite of cybercriminals for some time now because it is very difficult to trace, but its price is through the roof. Bitcoin started out in January 2009, when it was worth almost nothing, compared to May 2017, when a bitcoin will set you back over $2000.
To fill their pockets with cash, the cybercriminals developed WannaCry to spread using a vulnerability in outdated Windows operating systems. To their credit, Microsoft went as far as releasing patches for Microsoft XP and Windows Server 2003, which were end of life mid-2015.
Unfortunately, it was too late, and WannaCry had already infected over 150,000 computers. One of the most concerning victims was the British National Health Service (NHS), where the infection crippled the ability to provide care to patients. This variant has since been stopped. However, there have been new versions of the virus released since then.
WannaCry is also known as WannaCrypt, WanaCrypt0r or WCRY.
How Does WannaCry Spread?
The WannaCry Cryptolocker spreads itself via phishing emails that appear to come from a trusted sender such as Telstra or Aust Post.
Once a computer is infected, the virus uses a backdoor vulnerability to infect other computers across the network, including remote hosts that do not have the Microsoft update mentioned above.
How Do You Know If WannaCry Has Infected You?
Trust me, you will know. WannaCry will stop you from opening files on your computer and any other files and folders that your account has access to, including network folders. The reason you will be unable to access your files is that WannaCry has changed the extensions of your files to a .WNACRY extension, something that your computer is unable to recognise.
You or someone within your network will have also clicked on an attachment in an email or a link that pops up with the following message.
- Unplug everything from your computer and switch it off. If your computer is infected, the virus is designed to spread quickly. Removing the device from the network isolates the infection to one computer.
- Call IT – Call your IT team to make sure they are aware. They will need to check network drives to ensure the virus is not spreading and infecting other machines
- Check Your Backups – If you have backups of the data on the computer check them from another computer that is not connected to the network. If your backups are ok and do not have any encrypted files on them, they should be ok to use.
- Run an Anti-Virus Scan
- Check Your Cloud - Encrypted files are very good at hiding so ensure you check any cloud storage to ensure it is not infected.
- Restore Your Data OR Make A Decision – If you do not have any backups, you need to decide between paying the ransom or starting fresh.
  - Paying the ransom needs to be done rather quickly because the ransom often increases every 24 hours, and there is no guarantee that the cybercriminals won't leave any tracking software on your computer, just to see what credit card details you might be using. In saying that, there has been some success in getting data back in the past; it just depends on how much your data means to you.
  - Starting fresh is my personal preference. Install a fresh operating system and update the computer with all the latest updates. If you have backups, reinstall your operating system and restore your data.
- Delete the WannaCry infecting email out of your inbox and from your deleted items. Take a screenshot of the email and inform your colleagues of the email so they are more aware.
- Make sure your antivirus is up-to-date.
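For the "Check Your Backups" step above, here is a small read-only check you can run from a clean computer against a backup folder. It is an added example, not part of the original article: it looks for the .WNACRY extension named above, the function names, sample folders and timestamps are constructed, and it assumes the backup keeps file modification times.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

# Extension as written on this page; pass another set if your variant differs.
SUSPECT_EXTENSIONS = {".wnacry"}

def scan_backup(root, suspect=SUSPECT_EXTENSIONS):
    """Walk a backup tree read-only and summarise files with a suspect extension."""
    total, flagged, per_dir, earliest = 0, [], Counter(), None
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            total += 1
            if os.path.splitext(name)[1].lower() not in suspect:
                continue
            path = os.path.join(dirpath, name)
            flagged.append(os.path.relpath(path, root))
            per_dir[os.path.relpath(dirpath, root)] += 1
            mtime = os.lstat(path).st_mtime
            earliest = mtime if earliest is None else min(earliest, mtime)
    # Backup sets taken before this moment predate the first renamed file.
    when = None if earliest is None else datetime.fromtimestamp(earliest, tz=timezone.utc)
    return {"total_files": total, "flagged": sorted(flagged), "per_dir": dict(per_dir),
            "clean": not flagged, "earliest_flagged_utc": when}

def build_sample_backup(root):
    """Constructed sample data: one folder partly renamed, one untouched."""
    files = {
        "finance/budget.xlsx": 1_494_500_000,
        "finance/invoice.pdf.WNACRY": 1_494_600_000,
        "finance/payroll.docx.wnacry": 1_494_590_000,
        "photos/team.jpg": 1_494_400_000,
    }
    for rel, mtime in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")
        os.utime(path, (mtime, mtime))  # fixed timestamps so the report is repeatable
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = scan_backup(build_sample_backup(tmp))
        print("clean" if report["clean"] else "ENCRYPTED FILES FOUND", report["per_dir"])
        print("earliest flagged file (UTC):", report["earliest_flagged_utc"])
```

A backup that reports `clean` is a candidate for restore; if files are flagged, the earliest timestamp tells you which older backup set to look at instead.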
How Can You Prevent Being Infected In the Future?
You can never be too prepared when it comes to cybercrime. After the events of 2016, I can only imagine what 2017 has in store for us when it comes to Cryptolocker. In all cases, prevention is better than cure.
- Backup – Make sure you are backing up at the very least daily, if not multiple times per day
- Data - All Business Data needs to be in a network folder or secure cloud drive.
- Invest – It's a great idea to invest in a decent firewall and spam filter
- Protect – Each computer needs to be covered with a business grade Anti-Virus that is updated as often as threats are discovered
- Educate – Get a technical resource to run a training session on what phishing emails look like and the telling signs of a crypto
- Policies and Procedures – Review your security documents and procedures annually to ensure that they cover the latest security threats
- Update – Ensure you are updating your systems with patches and service packs weekly at the very least
- Upgrade – Work on your IT Budget and Plan. We help our clients work out a cost effective way of keeping their systems up-to-date. Having an updated system through a cloud service like Azure or AWS is a great cost effective way to keep your servers up-to-date.
If you would like some advice on your IT Budget or you would like our team to review your security policies and procedures, please feel free to contact us.