Blog
WannaCry Update
Home > Blog > WannaCry Update

Wannacry and Protecting Against It

 

The big cybersecurity news this week is the Wannacry/Wannacrypt Ransomware that has attacked over 200,000 machines in over 150 countries, and has been called the largest cyberattack ever. A ransomware is a malicious software that encrypts the victim’s data and demands a payment to release it. In case of Wannacry, the infection arrives via a phishing email and compromises the system, as well as other systems in the network, within seconds. It encrypts all the files on the system and then demands a ransom to release them, which, for Wannacry, was 300 bitcoins which would be doubled if not paid within 3 days.

 

What kinds of Systems are Infected

Wannacry exploits a vulnerability in Windows SMB or its file sharing protocol. Any unpatched Windows system, especially those running Windows 7 or Windows Server 2008 (or earlier) are vulnerable. The danger is even more for systems running Windows XP and Windows Server 2003 since Microsoft no longer supports these OS and no updates have been released for these OS in over 5 years. After the Wannacry attack, Microsoft released patches for these unsupported OS, but it may be a case of too little, too late.

 

Is it Possible to Recover Files Without Paying Ransom

In the case of Wannacry, it is not currently possible to decrypt the encrypted files. While some companies have paid the ransom, it is not advisable as there is no guarantee that the hacker will release the files after the payment is received. This is also because the attackers are often unable to identify which victims have paid. However, according to Symantec, it might be possible to recover files that were stored in places other than “Desktop”, “My Documents” or on a removable drive.

 

How to Protect Against Wannacry and other Cyberattacks

As mentioned above, once you have been attacked by a Ransomware, it may not be possible to get Back your files, even after paying the ransom. So the only affective defense against ransomware like Wannacry is proactive prevention. It is imperative to make sure that your systems are updated regularly. In case of Wannacry, Microsoft had released a patch back in March, and systems that were updated with the latest patch were safe. Also, organizations should upgrade and discontinue using software, once it is no longer supported by the original publisher. In case of Wannacry, one of the biggest hit organization, Britain’s National Health Service, was still using Windows XP.

 

Besides regularly updating the system, a good, up-to-date, Antivirus/anti-malware software can actively protect your system for ransomware and other cyberattacks. Some of the best rated antivirus software include Symantec’s Norton, Bitdefender, Mcafee, Kaspersky and AVG.

 

User awareness is also an important part of cybersecurity. It is important to teach users how to recognize phishing emails, and remind them not to click on any suspicious attachments. All users in the organization should also know what steps to take if their system does get infected. You can carry out these awareness programs in-house or out-source it. EC-Council offers a Certified Secure Computer User (CSCU) course, which should be a must for individuals handling more sensitive data.

 

Finally, have a data recovery and incident response plan in place. Backup all data regularly in a secure place and do regular integrity checks to make sure that the data is viable. Individuals can use cloud based services such as Dropbox, Google Drive and Microsoft’s Onedrive. On an Enterprise level, Infrascale offers a comprehensive Disaster Recovery Solution to quickly recover data loss due to natural or man-made reasons.

 

 

Recent Posts