As you will have heard in the news on Friday 12th May 2017, a new cyber-attack in the form of ransom-ware code named "WannaCrypt" is affecting many organisations around the world particularly the NHS, (200'000+ at time of writing). The virus is primarily obtained by opening an attachment within your E-Mail system which then encrypts your data and holds it to ransom. The ransom starts at £230 and rises to £660 if not paid within 72 hours.
The virus seems only to affect Windows XP machines, Windows 2000 Server and Windows 2003 Server and Windows 8 which use "Samba v1", a language (a protocol in computing speak) to share files over a network. Windows 10 machines are not affected so far. These operating systems are no longer supported by Microsoft and those that have been affected are those that still use these systems. IT is the backbone of any business and it is extremely important to upgrade away from this very old technology.
Once a machine is infected on your network, it will then attempt to connect to other machines and infect those too!
The malware's name is WCry, but also use variants such as WannaCry, WanaCrypt0r, WannaCrypt, or Wana Decrypt0r.
What Action Should You Take?
- Do not open any attachments in E-Mails where you do not know the sender.
- Ensure you buy cyber security software and install on your computers, smartphones and servers. (Free products such as AVG just aren't good enough)
- Ensure Windows Update is enabled and you have all the latest updates installed.
- Perform regular (daily) backups of any data you do not want to lose and ensure this is held off site. USB drives connected to your computer or server will also be encrypted by these types of viruses.
- Ensure that your staff are aware of the outbreak and know what to do should they accidentally infect a PC. (See Below)
- Upgrade all systems to Windows 10 as soon as possible.
- Use a perimeter firewall with virus scanning to block viruses BEFORE they enter the network.
- Conduct end user training to improve internal procedures.
- Review the use of personal E-Mail systems within the workplace.
- Review the use of using personal USB devices and connecting of smartphones to computers.
- Devise a disaster recovery plan.
What Should I Do If I Become Infected?
- Immediately remove the network cable from the back of your computer and disconnect from any wifi networks.
- Remove any attached USB storage device from your computer
- Turn off your PC.
At this point, you should call in an IT expert to reinstall your computer. Whilst the virus/ransom-ware can be removed, the damage that has been done cannot. We would highly recommend to simply reinstall your computer if you're unfortunate enough to be infected and restore your files from backup.
Paying the ransom fuels this business and the more we pay, the more these cyber criminals have reason to create another lucrative attack.
A 22 year old security student has halted the spread of the virus accidentally which means that the cyber-criminals global attack has been temporarily halted. Having taken down a large portion of the NHS, FedEx, and many others, there's no doubt in our minds that another variant of this attack will be seen most likely on Monday morning.
Microsoft have released a patch which can be downloaded here but only applies to Windows XP , Windows Server 2003 & Windows 8.