On May 12, 2017 there were multiple public reports of an ongoing large-scale cyberattack involving a variant of the ransomware named WannaCry (aka WCry). These attacks are targeting and have affected users from various countries across the globe. The WannaCry threat will encrypt data files on infected computers and ask users to pay a ransom in bitcoin to decrypt their files.
The ransom note indicates that the payment amount will be doubled after three days. If payment is not made after seven days, the encrypted files will be deleted. Analysis indicates the attack spreads through an SMB remote code execution vulnerability in Microsoft Windows that Microsoft announced and patched on March 14, 2017.
Who was not hit?
Users who have installed this patch are not susceptible. Symantec and Norton users had generic protection against this vulnerability through the Intrusion Prevention System (IPS) network protection technology in Symantec Endpoint Protection (SEP) and Norton products prior to the release of the WannaCry attacks. Symantec even picked up the attack before it went mainstream.
Who is/was impacted?
The first law in security is to stay up to date with patches. Although this may be an annoyance to some, any unpatched Windows computer is potentially susceptible to WannaCry. Organizations are particularly at risk because of its ability to spread across networks, and a number of organizations globally have been affected, the majority of which are in Europe. However, individuals can also be affected.
How is WannaCry spread?
While WannaCry can spread itself across an organization’s networks by exploiting a vulnerability, the initial means of infection (how the first computer in an organization is infected) usually tends to be the innocent employee. The majority of the time, ransomware is associated with an individual visiting a website or opening or clicking on an email. Symantec has seen some cases of WannaCry being hosted on malicious websites, but these appear to be copycat attacks, unrelated to the original attacks.
How can you avoid it?
Ransomware can get on your PC from nearly any source that any other malware (including viruses) can come from. This includes:
- Visiting unsafe, suspicious, or fake websites.
- Opening emails and email attachments from people you don’t know, or that you weren’t expecting.
- Clicking on malicious or bad links in emails, Facebook, Twitter, and other social media posts, and in instant messenger chats such as Skype.
It can be very difficult to restore your PC after a ransomware attack, especially if it’s infected by encryption ransomware. The best solution to ransomware is to be safe on the Internet:
- Don’t click on a link on a webpage, in an email, or in a chat message unless you absolutely trust the page or sender.
- If you’re ever unsure – don’t click it!
- Often fake emails and webpages have bad spelling, or just look unusual. Look out for strange spellings of company names (like “PayePal” instead of “PayPal”) or unusual spaces, symbols, or punctuation (like “iTunesCustomer Service” instead of “iTunes Customer Service”).
- Make sure any anti-virus/anti-malware program you are using is up to date. Most ransomware has been discovered already and can be removed automatically by anti-virus/anti-malware programs.
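The spelling and spacing checks in the list above can also be automated, for example on the display name of an incoming email. The sketch below is an added example, not code from Symantec or from the original post; the brand list, the function names and the two-typo threshold are assumptions chosen for illustration.

```python
import re

# Constructed list for illustration; use the names your users actually
# expect to receive mail from.
KNOWN_BRANDS = ["PayPal", "iTunes Customer Service"]

def _normalize(name):
    """Lowercase and drop everything except ASCII letters and digits."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

def _edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def check_display_name(name, brands=KNOWN_BRANDS, max_typos=2):
    """Classify a sender name against known brands.

    Returns (verdict, brand): 'exact', 'odd-formatting' (same letters but
    different spacing, case or punctuation), 'misspelled' (within max_typos
    edits of a brand) or 'unknown' (resembles no listed brand).
    """
    if name in brands:
        return ("exact", name)
    key = _normalize(name)
    for brand in brands:
        if key == _normalize(brand):
            return ("odd-formatting", brand)
    best = None
    for brand in brands:
        d = _edit_distance(key, _normalize(brand))
        if d <= max_typos and (best is None or d < best[0]):
            best = (d, brand)
    return ("misspelled", best[1]) if best else ("unknown", None)

if __name__ == "__main__":
    for sample in ["PayPal", "PayePal", "iTunesCustomer Service", "Contoso Newsletter"]:
        print(sample, "->", check_display_name(sample))
```

A verdict of 'odd-formatting' or 'misspelled' is the signal to treat the message as suspicious; 'unknown' only means the name resembles no brand on the list.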
When navigating the World Wide Web, be cautious of where you go. For hundreds of thousands of its users around the world, Symantec saved the day, but remember: the first line of security is to stay up to date with software patching. Stagnation or putting off an important patch could lead to a hacker gaining access to your system and its data.
Lead Tech Engineer: