WannaCry

Good morning,

Beginning Friday morning, multiple news outlets reported outbreaks of a new ransomware attack known as “WannaCry” that is spreading globally, exploiting a vulnerability in Windows. The British National Health Service was the first known major victim, its operations brought to a standstill. Several other companies followed, such as FedEx, the automaker Renault, and the major European telecom, Telefonica. At this time, there have been over 200,000 reported infections in over 200 countries across the globe.

Like most ransomware, WannaCry is most frequently delivered via email attachments. Files on the victim’s PC and network shares are encrypted, and the victim receives a message notifying them that their files are encrypted and outlining instructions to pay the ransom to have them decrypted. Additionally, the malicious code will go out onto the network to find other vulnerable computers.

While WannaCry is the worst so far, it is far from the first. Ransomware has unfortunately become a multimillion-dollar business. As your information security provider, we at NetWatch implement the following safeguards against cyberattacks:

  • Systems are patched regularly with updates from Microsoft. Microsoft has released a patch for the vulnerability, and we have applied the patch.
  • Antivirus software is maintained and monitored to ensure it is installed and up-to-date. Our antivirus partner has reported that their latest signatures include protection against this exploit.
  • Client networks are protected with a DNS proxy that filters known malicious content. All web requests go through this content filter. Our content filtering partner has reported they are able to block activity related to this exploit.
  • Firewall security services are kept up-to-date. Our firewall vendor reports that their latest security signatures include protection against this exploit.
  • Backups (onsite and offsite) are maintained and monitored.

Our team has spent the last few days running diagnostics on all systems to manually and personally verify that all five of these points are covered, applying updates where necessary.

Here are the official statements from our trusted security partners:

Webroot Security – https://www.webroot.com/blog/2017/05/13/wannacry-ransomware-webroot/

Malwarebytes Anti-Malware – https://blog.malwarebytes.com/cybercrime/2017/05/wanacrypt0r-ransomware-hits-it-big-just-before-the-weekend/?utm_source=outbreak&utm_medium=email-internal-b2c&utm_campaign=Wanacrypt0r&utm_content=wanacrypt0r-alert

SonicWall – https://blog.sonicwall.com/2017/05/sonicwall-protects-customers-latest-massive-wannacry-ransomware-attack/

***

Despite these measures, the best defense against cyberattacks is still the care and diligence of the end user. Here are some things you and your coworkers can do to prevent the spread of ransomware:

  • Exercise extreme caution and discretion concerning email attachments. Do not open any attachment which you were not expecting. Even attachments coming from known senders can be malicious, if the sender has been compromised in some way. The best practice is not to open ANY attachment unless you have verified by phone or in person that the sender and the file are both legitimate.
  • Leave your computer on at the end of the work day. This is the best way to ensure that all computers receive critical updates.
  • Do not install or uninstall software without consulting with NetWatch first. If you have any questions about anything, we’re happy to help!

Please share this message with all users in your organization. If you have any questions or concerns, please feel free to reach out to me. If you’d like to schedule a meeting to discuss the specifics of your organization’s cybersecurity plan, please let me know and I will make it happen.