WannaCry makes those infected “wanna cry”

 

If you haven’t heard of the new cyber-attack called WannaCry, here’s what you need to know.

 

On May 12, hackers launched a global ransomware campaign affecting tens of thousands of corporate and governmental agencies. Fox News reports over 200,000 victims in more than 150 countries by Monday morning. The ransomware encrypts files on an infected computer network and requires the company to pay a ransom to regain access.

The vulnerability used by these hackers was first uncovered by the National Security Agency (NSA), but somehow it made its way onto the Internet and is now in use in one of the biggest cyber attacks ever.

The attack spread quickly until a 22-year-old MalwareTech employee found that the ransomware's code contained a kill switch. He registered the website URL in the code and the new infections stopped; the URL only cost $10.69! This at least stopped the attack briefly, but as those trying to stop the attack develop fixes, those behind the attack also create new versions, and they released a new version of the WannaCry ransomware that does not have a kill switch.

Furthermore, another large-scale attack called Adylkuzz, which is linked to WannaCry, is underway. The new attack targets the same vulnerabilities the WannaCry ransomware exploited, but instead of disabling an infected computer by encrypting data and seeking a ransom payment, Adylkuzz uses the machine to mine a virtual currency called “Monero” in a background task and transfer it to the authors of the virus.

 

How can you avoid this ransomware?

 

Well, first, only computers with Windows Server 2003, XP, or Windows 8 have been affected. Windows 8.1 and newer are safe, but due to this mass attack, Microsoft did release a patch for these operating systems, even though they had been left vulnerable and without support for years. So, if you have a computer with one of these operating systems, update now, and if you are using an updated version of Windows, make sure your updates are up to date!

Second, if you are a business still using one of these operating systems, update your operating system. Windows Server 2003 support ended on July 14, 2015, and Windows XP support ended on April 8, 2014.

Another thing you can do is install a dedicated ransomware blocker, such as this free one, Malwarebytes. Micro Doctor installs Malwarebytes on all clients' servers and PCs.

Also, block port 445 for extra safety. Blocking TCP port 445 could help with the vulnerability if you haven’t patched your OS yet. Port 445 seems to be the port that WannaCry is using for the attack. Blocking port 445 could cause problems with your network, so this technique is for single unpatched PCs only.
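
One way to apply the port 445 block on a single unpatched PC, as an added example that is not from the original article. It assumes Windows 8 or later with the built-in Windows Firewall cmdlets and an elevated PowerShell prompt; the rule name is made up for this example.

```powershell
# Added example: block inbound SMB (TCP 445) on one unpatched, standalone PC.
# Run from an elevated PowerShell prompt on Windows 8 or later.
# The rule name below is an assumption chosen for this example.
$ruleName = 'Temporary block - inbound TCP 445'

# Show what is currently listening on 445 so you know what will be cut off
# (file and printer sharing from this PC stops working once the rule is active).
Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# Create the rule only once so the script can be re-run safely.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Protocol TCP -LocalPort 445 `
        -Action Block -Profile Any | Out-Null
}

# A block rule is not enforced on a firewall profile that is switched off.
Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } | ForEach-Object {
    Write-Warning "Firewall profile '$($_.Name)' is not enabled; the block rule has no effect there."
}

# Confirm the rule is present and enabled.
Get-NetFirewallRule -DisplayName $ruleName |
    Select-Object DisplayName, Enabled, Direction, Action

# After the OS is patched, remove the temporary rule:
# Remove-NetFirewallRule -DisplayName $ruleName
```

Treat the rule as a stopgap until the patch is installed, then remove it so normal file sharing works again.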

Have a backup with versioning, allowing you to go back to right before the attack and recover your data, so you don’t have to pay a ransom.

 

The good news

 

The good news is that you're a Micro Doctor Cloudcare customer, so you are protected from WannaCry. In fact, MDI Cloudcare was one of the key tools used by the MalwareTech employee credited with uncovering WannaCry. So, relax. You're safe.

Also, if you are a Mac user, right now the attack is only on Windows-based operating systems, so for now, you’re safe.

 

What if I’m already infected?

 

There is no way to reverse the encryption for free (unless you have a backup in place already with versioning, such as a Datto backup). Also, even if you pay the ransom to remove the encryption, the malware remains on the PCs even after being unlocked, so make sure to get that off your PC, or call an IT company to help you with that if you aren’t sure where to begin.

If you don’t have anything valuable that you need to get back, you can consider wiping your machine as well.

 

What to take away from this?

 

At Micro Doctor, we practice what we preach and try to implement vendor updates within 30 days of being released unless, upon evaluation, there is an issue with the update.  Also, critical systems should always be on supported software versions. When this isn’t possible, businesses should consider avoiding connecting unsupported systems to their network or the internet. This can reduce their risk of infection, and prevent further spreading in the event a system is compromised.

WannaCry has brought to light the cost of running out-of-date or unsupported software. There are many reasons why software stays out of date. They range from concerns over compatibility and lost productivity to a simple lack of time and the low perceived priority of the task. In a busy business world, it can seem like there’s no good time to devote to this kind of routine maintenance. With the speed of WannaCry, we can see there's a cost to inaction as well, and the time and money spent on updates may be well worth it compared to the cost of ransomware.

Check out this video on the WannaCry attack: https://www.cnet.com/news/ransomware-attack-cyberattack-malware/

If you or anyone you know has any questions on WannaCry, contact Micro Doctor at 330-898-2100 or email us at paymyransom@microdoctor.com. It’s also important to note that the details of this attack are changing every day, so please keep reading the latest articles to protect yourself and your business from WannaCry and other ransomware attacks.

By: Megan Augustine