What to do about WannaCry Ransomware

WannaCry ransomware is spreading like wildfire!

WannaCry or WannaCrypt ransomware has infected over 10,000 organizations and 200,000 individuals in over 150 countries since it was first identified on Friday, May 12th, 2017. A temporary fix was accidentally discovered along the way, but a variant of the initial virus started to spread shortly thereafter. While some have escaped unscathed, others have not been so lucky. Businesses have been temporarily closed, ambulances have been rerouted and emergency rooms have been shut down. While the cost of upgrading to newer operating systems is an understandable underlying reason for this vulnerability, these infections should have been anticipated and therefore could have been prevented. While WannaCry has infected Windows operating systems and not Mac operating systems, Mac users should not assume they are safe from all ransomware because they are not.

Ransomware is a malicious software that blocks access to data or to a device until a ransom has been paid. It has become popular because ransoming files is low risk, fast and easy to collect on, especially with the anonymity of bitcoin. According to Verizon’s 2017 Data Breach Investigations Report, ransomware jumped from the 22nd most common form of malware in 2014 to the fifth in 2017. The Identity Theft Resource Center states that this year has shown a 50% increase in the number of ransomware attacks over last year.

How are devices infected by WannaCry ransomware and what can be done to prevent this?

The success of the WannaCry ransomware seems to largely be due to not updating old and unsupported versions of Windows but fortunately, Microsoft has issued a patch to resolve this. Understandably, some individuals or businesses don’t update old operating systems due to the cost of doing so, especially when large numbers of computers are involved but hopefully the scope of this attack will convince everyone of the importance of always keeping operating systems up to date. That said, there are a few additional strategies to take to prevent not only ransomware, but other malware as well.

How to avoid ransomware and other attacks too

  1. Accept/perform operating system updates shortly after receiving the option to run them to make sure you never miss a security update.
    • If you are using a supported version of Windows and have been doing your regular updates, you will be protected from WannaCry ransomware thanks to Microsoft’s March security update.
  2. Go to the Microsoft Update Catalog to obtain the latest update or patch for your operating system. Even if you are using an unsupported version of Windows, a security patch for the WannaCry ransomware is available to you.
  3. If you are using an unsupported version of Windows, it’s highly recommended that you upgrade to a supported version to avoid missing future security updates.
  4. Assuming you have virus protection software installed (a must for all users and especially Windows users), make sure your virus definitions have been updated because most antivirus software should include a mechanism to detect and block WannaCry.
    • If you don’t have antivirus software installed, do so immediately. 
  5. Have a backup system that is offline so that ransomware cannot infect your backups.
  6. Backup regularly and backup often.
  7. While WannaCry seems to be occurring primarily due to vulnerabilities in older Windows operating systems, ransomware can also be a result of clicking on malicious links or downloading malicious attachments on Windows or on Mac operating systems:
    • Be careful anytime you click on links online or in emails. Sometimes malware is embedded in emails that appear to be from trusted sources until you look more closely to see they are not from who they appear to be from.
    • Pay attention when clicking on links on social media. For example, see How I saved my Mac from ransomware.
    • See How to Avoid Phishing Scams for general phishing avoidance tips.

What you can do if you find yourself infected by ransomware

  1. Wipe your hard drive clean and start over with the offline backup you hopefully have to restore your data.
  2. Restore your computer to a previous date before your computer was infected.
  3. Don’t pay the ransom because there is no guarantee your computer will be unlocked afterwards.
  4. Upgrade your operating system or get a new computer (or computers) with a supported operating system.

Until next time, … Stay Cyber Safe!

 

Tagged with →  

Leave a Reply

Your email address will not be published. Required fields are marked *

Share →