Experts have previously warned about the threat of ransomware attacks on businesses; on Friday 12th May 2017 it became a reality, when over 220,000 computers in 150 countries were infected by a new, previously unknown ransomware virus. Although it appears that Australia escaped the worst of the fallout, this certainly won’t be the last we hear of this type of cyber-attack. Once activated, the ransomware (called ‘WannaCry’ or ‘WannaCrypt’) encrypts files, drives, and entire networks. Once a system has been infected, a screen will show that the computer and the data are locked and can only be unlocked by paying a ransom in the form of the cryptocurrency Bitcoin.
This type of malware was only able to spread so quickly because the cyber criminals had used a zero-day gap in the Windows operating system. Microsoft had already released an important security bulletin and patches for this vulnerability in March with security update MS17-010. You can find the full details here:
Even though Microsoft discontinued support for Windows XP, Windows 8 and Windows Server 2003, in light of this huge ransomware attack it released new patches to fix the security gap on systems still running these two OS versions, even if you’re not on a custom support plan. Check out this link for the full article from Microsoft explaining what to do next:
Microsoft note that users who are running supported Microsoft OS versions should have received update MS17-010 back in March; if you installed this update (or you have automatic updates turned on) then there should be nothing to worry about. If you have not already done so, it is strongly advised to install the appropriate patch for your respective Windows OS as soon as possible.
Even with the best precautions and policies in place, you may still suffer from a ransomware attack. In the event your data is held hostage by ransomware, here’s some advice to bear in mind:
- Remain calm. Rash decisions could cause further data loss. For example, if you discover a ransomware infection and suddenly cut power to a server (versus powering it down properly) you could lose more data in the process.
- Check your most recent set of backups. If they are intact and up to date, data recovery becomes easier, because you can restore them to a different system.
- Seek help from a specialist and never pay the ransom. There have been many cases of ransomware victims paying the ransom demanded and not receiving their data back in return. Rather than running this risk, companies should work with data recovery experts who may be able to regain access to data by reverse engineering the malware.
Engineers at Kroll Ontrack have so far identified over 225 variations of ransomware infecting user devices. However, more are being created every day, and there are others that may not have been reported yet.
Safeguarding your data
With this particular ransomware strain hitting the headlines and large organisations, now is a good time to prepare your systems against potential cyber-attacks. Here are some of the preventative measures you can take to safeguard your data:
- Create and follow a backup and recovery plan. Ensure that the plan includes storing backups offsite.
- Be prepared by testing backups regularly. Organisations and individuals must be familiar with what is stored in backup archives and ensure the most critical data is accessible should ransomware target backups.
- Implement security policies. Use the latest anti-virus and anti-malware software and monitor consistently to prevent infection. Always keep your systems up-to-date and apply the latest security patches.
- Develop IT policies that limit infections on other network resources. Companies should put safeguards in place, so if one device becomes infected with ransomware, it does not permeate throughout the network.
- Conduct user training, so all employees can spot a potential attack. Make sure employees are aware of best practices to avoid accidentally downloading ransomware through malicious files, or opening up the network to outsiders.
By following this advice you should be better prepared against ransomware attacks, including any resurgence of the WannaCry malware that is currently circulating.
Have you or your business been affected by WannaCry or another form of ransomware? Get in touch with us by tweeting @KrollOntrack_AU