WannaCry Ransomware – Update for Business Owners
Posted by Timothy Platt on May 13, 2017
WannaCry Ransomware – Updates and Information
National news today is reporting on the “WannaCry” ransomware. This is a serious computer security issue, and this article will provide information on this threat.
NOTE: This information is current as of Saturday 5/13/2017, 10:30 AM Eastern.
What is “WannaCry”?
WannaCry is a code name for a variant of “ransomware” malware that is currently circulating on the Internet. The purpose of this malware is to extort a payment from victims. Once a machine is infected, the malware encrypts many files, which renders their content inaccessible unless decrypted, and the attackers then demand a ransom payment to decrypt the files.
Why is “WannaCry” so dangerous?
There are many types of ransomware circulating daily, but “WannaCry” is particularly dangerous because it can automatically spread on your network to all vulnerable machines. Once one machine is infected, it will scan every other machine on the Local Area Network and infect all that are vulnerable. This behavior classifies the malware as a “worm”. It is also dangerous because it exploits a very widespread vulnerability that is present on many Windows versions. The initial infection probably occurs via a malicious email or a phishing technique. To infect other machines on the LAN, the malware uses a vulnerability in a file sharing protocol (SMB) that Microsoft patched on March 14, 2017. If a Windows machine has not been patched, it will be vulnerable.
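The LAN scanning described above shows up in firewall or flow logs as one machine reaching many internal hosts on the SMB port (TCP 445) within a short time. The following Python detection is an added example, not part of the original article; the log format, addresses, threshold and time window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address
# Constructed flow records "time source destination dest_port"; not real traffic.
SAMPLE_LOG = """\
2017-05-13T10:00:01 192.168.1.20 192.168.1.1 445
2017-05-13T10:00:02 192.168.1.20 192.168.1.2 445
2017-05-13T10:00:03 192.168.1.20 192.168.1.3 445
2017-05-13T10:00:04 192.168.1.20 192.168.1.4 445
2017-05-13T10:00:05 192.168.1.20 192.168.1.5 445
2017-05-13T10:00:06 192.168.1.20 192.168.1.6 445
2017-05-13T10:00:10 192.168.1.30 192.168.1.10 445
2017-05-13T10:01:10 192.168.1.30 192.168.1.11 445
2017-05-13T10:00:01 192.168.1.40 192.168.1.1 443
2017-05-13T10:00:02 192.168.1.40 192.168.1.2 443
2017-05-13T10:00:03 192.168.1.40 192.168.1.3 443
2017-05-13T10:00:04 192.168.1.40 192.168.1.4 443
2017-05-13T10:00:05 192.168.1.40 192.168.1.5 443
2017-05-13T08:00:00 192.168.1.50 192.168.1.1 445
2017-05-13T09:00:00 192.168.1.50 192.168.1.2 445
2017-05-13T10:00:00 192.168.1.50 192.168.1.3 445
2017-05-13T11:00:00 192.168.1.50 192.168.1.4 445
2017-05-13T12:00:00 192.168.1.50 192.168.1.5 445
"""

def find_smb_sweepers(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {source: peak count of distinct private hosts reached on TCP 445
    (SMB) within one sliding window} for sources whose peak meets the threshold."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        if int(port) == 445 and ip_address(dst).is_private and src != dst:
            hits[src].append((datetime.fromisoformat(ts), dst))
    flagged = {}
    for src, events in hits.items():
        events.sort()
        start = peak = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1  # drop events older than the window
            peak = max(peak, len({d for _, d in events[start:end + 1]}))
        if peak >= threshold:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    print(find_smb_sweepers(SAMPLE_LOG))
```

In the constructed sample only 192.168.1.20 is flagged: the host talking to one or two file servers, the host using port 443, and the host whose SMB connections are spread over hours all stay below the threshold.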
What actions should be taken?
For machines already infected – There is no available “decryptor” utility for WannaCry at this time. This means your best course of action is to re-image or clean the infected machine using an anti-virus program, and then to restore data from backups. It is not recommended to pay the ransom, because it is not known if the attackers will provide the decryption key when paid, and paying ransoms further funds the proliferation of these threats.
For machines not infected – Ensure that security patch MS17-010 is applied as soon as possible. Please note that Microsoft has provided special patches for end-of-life systems – Windows 2003 and Windows XP – specifically for this threat. Applying these patches will not stop the initial infection, but it will stop the further spread of the ransomware. To stop the initial infection, make sure your anti-virus and anti-malware products are up to date with the latest signatures, and that your employees are trained to recognize phishing emails. Several anti-virus vendors have updated their signature files for this threat.
How urgently is action required?
As of 5/13/2017, it is believed the further spread of the malware has been temporarily stopped. However, it is possible the attackers will update or change the malware to re-start the infection process. It is also possible another group of attackers will utilize the same or similar techniques to capitalize on the opportunity. We recommend that any vulnerable machine be patched as soon as reasonably possible.
Does this malware impact Mac or Linux?
This malware is specific to Microsoft Windows, and cannot infect or spread on Mac or Linux machines.
Get Help from the Security Experts
We hope this information has been helpful. Your situation and unique requirements will need specific assessment. And remember, we’re here to help. If you’ve got a security related challenge, reach out to us – we’d love to help.