Nasty WannaCry ransomware impacted thousands of businesses

A huge ransomware epidemic erupted in just a few days last week. The ransomware virus known as WannaCry, WCry, or Wanna Decryptor, was discovered May 12, 2017. The reported ransom is $300 to be paid in Bitcoins. It is not known if businesses that pay the ransom get access back to their files or not.

The Department of Homeland Security’s US-CERT (United States Computer Emergency Readiness Team) stated in its alert as of 5/13/17 that organizations in as many as 75 countries, including the United States, have been infected. Other reporting sources state as high as 100 countries with 75,000 or more infections seem to have occurred in just a few days. The ransom requests have appeared in over 25 languages. It is viewed as the largest global ransomware attack to-date.

The good news is a British technology researcher identified the website that was being used as part of the hacking campaign and found it was a series of numbers and was not registered. The researcher registered the website for about $10 and was then able to monitor activity. He was able to shut down the virus but variants or copycats are likely to appear soon.

How it happened

Details are still vague, as researchers investigate the rapid spread of this ransomware. It is speculated that the malware virus entered PCs and systems via phishing emails. Some security experts think fake invoices were the cause, when opened by employees. Another theory is that social engineering was used to increase the likelihood of an email being opened. The virus then gained access to enterprise servers and possibly smaller networks.

Although Microsoft released a patch in March, 2017 for the vulnerability, unpatched systems continued to be at risk. The virus was released and soon infected unpatched systems around the world.

According to US-CERT, anti-virus software scans were not able to identify the virus and block it.

What you should do

First, ensure that your PC has the most current Windows update. How to do this will vary by the version of Windows you are using. If you don’t know how to check for installed updates or what Windows version you have, do an internet search. Microsoft customer service web site has some good directions.

If you have auto updating enabled (highly recommended), you should check to ensure an update was installed in recent days, depending on when you last logged into your system. If you do not have auto updating, you should download the appropriate update version from the Microsoft web site.

If you are running an out of date Windows version such as XP, Microsoft has a special patch update for you also. This is an unusual step for Microsoft since they seldom provide patches after a version has been determined as obsolete. You can find the patch here. If you have a different old version, you can do an internet search for a patch for your version.

Second, this is a good time to review your backup process and ensure that you do have current usable backups. If you get a ransomware virus, you will need to have it removed by a cybersecurity specialist and then have your backups loaded so you can resume using your system.

Third, review this attack with your staff. Help them understand how your system could be impacted if they do not follow your cybersecurity protocols.

Fourth, if you think you have been a victim of this ransomware, DHS and FBI encourages you to report information to DHS or law enforcement immediately. They ask that you contact DHS’s National Cybersecurity and Communications Integration Center (NCCIC) (NCCICcustomerservice@hq.dhs.gov or call 888-282-0870), or the FBI through a local field office or the FBI’s Cyber Division (CyWatch@ic.fbi.gov or call 855-292-3937) to report an intrusion and to request incident response resources or technical assistance. Reporting your incident helps law enforcement assess the components of the hacking campaign and provides you with guidance on corrective actions.

And last, if you are on an old unsupported version of Windows, invest in a new system immediately. Even if you have to retain the old system for a specific application, use that system for that function only. Get a new system for all other applications.

About the Author - Carolyn Schrader is a seasoned cybersecurity professional and founder of the Cyber Security Group Inc., providing corporate cybersecurity services to high profile clients.