If you haven’t heard already about the WannaCry or WannaCrypto ransomware attack that started on Friday, you need to, it is big news and extremely alarming. On Friday, last week a large cyber-attack was launched worldwide, infecting more than 200,000 computers in in 150 countries. The more we are finding out about the ransomware there seems to be more questions. Such as, what is it? What does it do? Where did it come from? Who did this? What is Microsoft doing about it? What do I do to protect my systems at work and at home?
What is it and what does it do?
WannaCry a.k.a. WannaCrypt, WanaCrypt0r 2.0 or Wanna Decryptor is a ransomware program targeting the Microsoft Windows operating system. An operating system is the software that supports the basic functions, it’s what allows you to run internet browsers or programs such as Office 365. Basically, what the ransomware does is it encrypts all of your files, including pictures, documents, spreadsheets & etc. The ransomware encrypts all the programs on the computer/server and a ransom payment is demanded in Bitcoin, Bitcoin a digital currency in which encryption techniques are used to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank. The attack is described as an attack on an unprecedented scale. The amount the computer hijackers are asking for is $300 for the first 3 days from the time infected then the price doubles to $600. After 7 days, the files may be unrecoverable. The truly alarming thing about this ransomware is it travels through the internet looking for vulnerable computers and servers that do not have the security update from Microsoft. If you want to know more about the malware here is the direct to Microsoft’s Malware Protection Center.
Who did this? Where did it come from?
Okay, so this could get really long and complicated, but long story short. It is believed that the hacker group The Shadow Brokers are responsible for the release of the ransomware, but it is more complicated than that. The NSA (National Security Agency) was hacked and the program was taken. However, there are conflicting reports that the North Koreans may be behind the initial attack, but that is not a for sure thing. What we do know from experts in cybersecurity is this could potentially just be the beginning of a bigger problem with changes made to the code within the virus to make it even worse than it already has been. Here is why it could be worse, if the code was to change, the current ransomware has a kill switch, if the kill switch were taken out there would be no way to stop the spread of the virus. This current attack was minimized because a kill switch was found in the software by two cybersecurity professionals and it was stopped from infecting more computers than it already had. Sorry for the doom and gloom, but it does need to be taken seriously.
What is Microsoft doing about it?
Amazingly, Microsoft is on the ball and doing everything they can to stop the spread of the malware. They released a security update for all Windows Operating Systems, including Server 2003 and 2008, Vista and XP on Saturday, May 13, 2017. That will stop computers from being affected that haven’t already been. A security update was originally released for Windows 7 and higher in April 2017. Microsoft is taking responsibility for the vulnerability within its software, but it is also blaming the NSA for being irresponsible in stockpiling vulnerabilities and attack tools.
What do I do to protect my systems at work and at home?
The fix to protecting your systems is pretty simple. Run your Microsoft Updates. It really is that simple. If you are still running XP on your computer or haven’t updated your computer, look for the update that was released on Saturday. Download it and install it. Here the direct link to the webpage for the download needed for every Microsoft Security Update for every system still used today. If you need help with this, please call us, we would be more than happy to help you.
Also, having good anti-virus software installed on your computer will help safeguard your computer. Webroot Business, which we offer our customers is currently protecting customers. If you do not currently have any anti-virus or your anti-virus subscription has expired, you really need to get some kind of software to protect your computer and files. If you need help with that, we can help you with that too.