As many will now be aware, a massive ransomware attack occurred across the world, affecting mainly English and US computer systems. One of the biggest victims was the UK’s National Health Service. By all accounts, the attack has not so far been widespread in Australia and most authorities and anti-virus systems are up to date on the malware footprint.
What is WannaCry?
This malware program affects Windows-based systems and exploits a well-known vulnerability in a number of versions of Windows. The vulnerability is known to Microsoft (MS17-010) and was patched as far back as March.
In many cases, ransomware gets on to a system through a user clicking on a link in an email. Once that link is clicked, the malware is downloaded onto the computer and it then exploits the above vulnerability to encrypt files and documents on the computer.
However, in the case of WannaCry, if a Microsoft system is not patched as described above, the program uses tools originally developed by the USA’s National Security Agency to exploit the vulnerability – in other words, without intervention from the user.
The original files and documents are then deleted, and a screensaver message will appear, giving payment instructions and also outlining what will happen if the victim does not comply.
What do I do if I get ransomware on my computer?
Whether it’s WannaCry or any other form of ransomware, the first and most important thing is not to panic. We would suggest disconnecting your PC from any network connection and turning it off. Call your local computer support team as soon as possible.
Should I pay the Ransom?
This is a judgment call for all victims of this sort of crime but our suggestion would be to report it to the authorities first. In Australia, you can report ransomware attacks to the Australian CyberCrime Online Reporting Network (ACORN) at http://www.acorn.gov.au
How do I protect myself against ransomware attacks?
Common sense rules the day here.
- Update Update Update - First, make sure that your computer’s operating system has been patched to the latest updates. As noted above, WannaCry exploits a vulnerability that was patched by Microsoft in March of this year. But even that’s no guarantee of safety, as some of these malware programs are upgraded to utilise other unpatched or as yet undocumented vulnerabilities, or the malware is as yet unknown to Microsoft or antivirus systems (known as “zero day” exploits).
- Anti-Virus and Malware Scanners - Make sure you are running a reputable antivirus scanner that is also up to date and is regularly updated. Whilst there are a number of good commercial products in the market, bear in mind that Windows 8 and 10 also have an inbuilt antivirus system called Windows Defender. In addition to this, we would also recommend that you download at least the free version of Malwarebytes (https://www.malwarebytes.com/). This program is a useful and effective supplement to your antivirus programs.
- Email and Suspect Web Links - Importantly, be careful with your email and with strange links to websites. Many malware programs are spread by malicious links or attachments in email. Once you click on the link or open up the attachment, that’s when the trouble starts.
Be very careful about emails with odd email addresses or from people you do not know. Bad grammar and short, cryptic and often confusing messages are usually a telltale sign that the email is not legitimate.
If your email is being provided by your Internet Service Provider, find out if they are running mail scanners at their end to hunt down junk mail and malware. Whilst none of these systems is absolutely foolproof, many ISPs offer such services as add-ons, and some of them provide options for such a service that you can control yourself through a web console page.
Email is a very insecure way of communicating even though it’s the most convenient way of doing so. Be suspicious of what you see in your inbox. Even if an email looks like it is coming from someone you know, be cautious, because sometimes email addresses can be spoofed or made to look similar to, but not the same as, the address of the person being impersonated. (Our Nerd Herder wrote about the dangers of email a couple of years ago: https://www.cso.com.au/article/560207/r-p-email/.)
- Backup Backup Backup – It is very important in this day and age to back up all of your important data and files. Small businesses especially can be crippled by a ransomware attack. If you have been a victim of an attack and you do have backups, then you may lose a little bit of current data but you may well be able to restore your data with only minor impact. Without backups you are quite literally held captive by your attacker.
It is important that when backups are made, they are taken offline from the PC being backed up. If not, then it is possible that even your backups could be attacked.
Spend time policing your data. If you have important data that is only referenced occasionally, consider putting it on another computer or in a safe storage medium such as a Network Attached Storage system (NAS) or a backup drive. Also consider storing your data on another device that is not exposed directly to your email or web browser. Segregating computers from each other also contributes to the safety of your local area network.
If you are looking for a remote backup service, there are many available to you. At Lateral Plains, we run our own datacentre services and we also have access to large secure data warehouses that are backed up in Melbourne and Sydney. Automated backups from your PC to these various backup services are available.
Feel Free to Talk to us!
Some References for you
If you are interested in reading a bit more about ransomware and cybersecurity, here are a few useful links:
- Wanna Decrypter 2.0 ransomware attack: what you need to know – Naked Security: https://nakedsecurity.sophos.com/2017/05/12/wanna-decrypter-2-0-ransomware-attack-what-you-need-to-know/
- WannaCry Ransomware Explained By An Aussie Security Expert – Lifehacker: https://www.lifehacker.com.au/2017/05/wannacry-ransomware-explained-by-an-aussie-security-expert/#iqpmSSIddyFxPCpL.99
- Wanna Decryptor: what is the 'atom bomb of ransomware' behind the NHS attack? – Wired Magazine: http://www.wired.co.uk/article/wanna-decryptor-ransomware
- Ransomware campaign impacting organisations globally – The Computer Emergency Response Team: https://acsc.gov.au/ransomware-campaign-impacting-organisations-globally.html
- Massive WannaCry/wcry Ransomware Attack Hits Various Countries – Trend Micro: http://blog.trendmicro.com/trendlabs-security-intelligence/massive-wannacrywcry-ransomware-attack-hits-various-countries/
Correction: This article originally stated that WannaCry is activated by clicking on email links or compromised URLs. WannaCry does not in fact need user intervention to do its thing. Thanks Kyhwana (https://keybase.io/kyhwana) for pointing out our error.