Ransomware

WannaCry Ransomware attack 2017

RANSOMWARE THREAT ALERT

“WannaCry”

 

Ransomware is a type of malware sent through the internet and designed to lock you out of your computer files or prevent you from accessing your computer altogether.  It is spread through networked systems and stand-alone devices.

 

Why They Do It

The motivation for the attack is to obtain compensation (“Ransom”) in exchange for allowing you to regain access to your computer and/or your data.  Businesses, health care providers and law firms have increasingly been the targets of these attacks.  One type of ransomware that has received international attention based on the scope of its attacks is called WannaCry.

How it Works

Wanna Cry, is sent as an e-mail attachment or a link included in an e-mail you receive.  The process is called Phishing.  Once you click the link or open the attachment, the malware enters your computer and encrypts each individual file and thereby, prevents you from gaining access to your data.  The next message you receive is a notice informing you that your system has been locked and that you must pay to receive the decryption key.  The decryption key will enable you to once again gain access to your data.  The type of currency demanded is called Bitcoin.

Who is Exposed to WannaCry

WannaCry is not a particularly complicated type of ransomware, although most experts expect the content of the malware to evolve.   The scope of its impact is currently limited to older operating systems.  If you have the following systems and have updated your Windows software on a regular basis, you should not become a victim of the current WannaCry version:

Windows 10

Mac

The malware attacks the older more vulnerable operating systems, including:

Windows XP

*Windows 7

*Windows 8

 

*Windows 7 and 8 Operating systems are only vulnerable if they have not received updated security patches through Windows Updates.

 

 

Mitigation Measures

·      Ensure that you have a robust and updated anti-virus system.

·      Back up Your Data regularly, with a copy on a separate server or hard drive not connected to the internet.

·      Think Before You Click.  The ransomware typically enters your system through an infected e-mail attachment or via a malicious link.  If you don’t recognize the sender of the transmission, or if it looks suspicious, don’t click the attachment or link.

·      If receiving a message from a friend or colleague, don’t open it without reviewing the transmission. The ransomware, once in your system, sends the malicious message to those in your contacts list.

·      Disconnect from the internet if suspicious activity appears on your screen.

·      If you have a computer on your system that is using the older operating systems, XP, to accommodate legacy applications or software, isolate that devise from your network.

Remedial Measures

It is prudent with any ransomware to engage in a cleansing of the system to ensure that no traces of the malware are imbedded in your files, only to be activated by the hacker later.  This subsequent attack happens in around 30% of the ransomware cases.  It is unclear if the WannaCry ransomware uses this capability.  Therefore, it is best to scan and disinfect your systems prior to and after the restoration of your data. 

For further information regarding the protection of your data, restoration of your data following a ransomware attack or any other information related to your information security needs, contact OMEGA TRM, “We Manage Your Risk, So You Can Manage Your Business”