WARNING: New ransomware outbreak – WannaCry is in the wild
New reports worldwide regarding the attack appears to have affected a number of organizations in multiple countries. The count as of this article has exceeded 100 countries. The ransomware locks down all the files on an infected computer and asks the computer’s administrator to pay in order to regain control of them.
The ransomware, called “WannaCry,” is spread by taking advantage of a Windows vulnerability that Microsoft released a security patch for in March 2017. Computers that has not been updated will be at risk of getting infected. The exploit was leaked last month as part of a trove of NSA spy tools.
It has a new module that acts as a worm which seeks out other PCs on local area networks. So, if someone’s laptop is infected and he or she went to a coffee shop, it would possibly spread to PCs at the coffee shop. From there, to other companies.
What are best practices for protecting against ransomware?
- New ransomware variants appear on a regular basis. Make sure to accept software updates from IT and reboot your system regularly to protect yourself and your company against them.
- Email is one of the main infection methods. Be wary of unexpected emails especially if they contain links and/or attachments.
- Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
- Backing up important data is the single most effective way of combating ransomware infection. Attackers have leverage over their victims by encrypting valuable files and leaving them inaccessible. If the victim has backup copies, they can restore their files once the infection has been cleaned up. However, organizations should ensure that back-ups are appropriately protected or stored off-line so that attackers can’t delete them.