WannaCry Ransomware Attack Redux

Tens of thousands of words have been written about the "WannaCry" ransomware attack on computers and computer servers all across the world. Below is a summary of what occurred. Fortunately for Computing Center clients, no one got hit. We are very diligent about keeping Microsoft and other operating systems fully patched and up-to-date. Additionally, the perimeter security systems that we deploy kept the exploit from even reaching many networks.

But this is not over. The next exploit could be far more difficult to detect and recover from. We continue to caution all our clients on the three basic steps that every business and organization must take to protect its computer systems:

  1. Be absolutely vigilant in securing your systems, including running all patches and updates promptly.
  2. A reliable backup and disaster recovery solution remains the best and most effective defense against ransomware attacks. If you are hit with ransomware, restoring your system and data from fresh backups is the only way to recover without paying the ransom.
  3. And finally, people should be cautious when opening emails and attachments (particularly executable files and zipped files). Employees can greatly benefit from IT security awareness training on how to recognize threats and suspicious activity.

On Friday, May 12th, tens of thousands of ransomware attacks struck more than 74 countries, including the United States, within hours. This unprecedented ransomware attack crippled a number of UK hospitals, where staff were unable to access patient records and appointments because their files were taken hostage. The ransomware infection has continued spreading, though by Monday, May 15th, there were reports that it was slowing down.

This ransomware strain, called "WannaCry" (and other names), takes advantage of a Windows vulnerability (a flaw in the Microsoft SMBv2 network protocol) for which Microsoft released a patch in March. However, older systems still running the deprecated Windows XP operating system do not benefit from that patch, and many systems had not applied the patch when it became available. On March 14th, Microsoft released patches for out-of-date operating systems in order to slow the outbreak.

WannaCry renames files with the ".WCRY" extension and asks for a ransom of $300 in Bitcoin to unlock the files.

 

There is no way to decrypt the files without paying the ransom, and there is no guarantee that systems will be restored if the ransom is paid. Organizations affected are urged to restore their systems from backups.

The Computing Center offers a number of proven security solutions and on-site and off-site backup systems, and our engineers and technicians are fully versed in the best practices for keeping your computers and systems safe.
