As you have probably heard, a new ransomware, WannaCry, has infected many computers throughout the world, with Russia, Ukraine and Taiwan as some of the main targets. Over 200,000 victims have been affected in more than 150 Countries since Friday. The exploit actually originated from work done by the NSA, who discovered this vulnerability earlier this year. Microsoft released a security patch in March after the exploit was discovered but it didn’t reach all the devices for one reason or another. Additionally, the security patch didn’t include unsupported operating systems such as Windows XP. Since the global attack, Microsoft has released another patch on Friday for Windows XP and other unsupported operating systems.
Hackers are exploiting a Windows vulnerability (SMBv1), released by Shadow Brokers, to compromise a victim’s machine without user intervention. This is considered a new attack method for ransomware compared to the conventional method where victims manually execute the ransomware. Put another way, this means you just have to have your computer on and connected to the internet for it to be possibly attacked with this ransomware!
According to beleepingcomputer.com, a HoneyPot server was infected with WannaCry 6 times within 90 minutes. A HoneyPot is a computer system that is setup to act as a decoy to lure cyber attackers, and to detect, deflect or study attempts to gain unauthorized access to information systems.
Once your computer is taken over, you are told that you must pay a ransom or your data will not be returned to you. What would you do in this situation? What if you could easily afford the amount of ransom said to be just $350? Well, there are those who paid it, which will certainly drive more of this type of activity.
This ransomware is bad news for anyone who feels like they’re fine because they don’t click on links in suspicious emails and don’t visit dangerous websites that may be infected. It’s not just about your actions on your computer anymore. Here is what you need to do to stay protected:
1. Ensure you are fully updated with all Windows Updates and 3rd Party software updates.
2. Make sure your anti-virus product is up to date and has real-time scanning abilities to protect you.
3. Have a network firewall that performs active scanning and protection at the gateway level.
4. Make sure you have backups of important data in case your data gets held for ransom.
If you want more information or help with protection, please reach out to firstname.lastname@example.org for more info.