The spread of a ransomware strain that exploits weaknesses in the Windows operating system peaked overnight from the 12th to the 13th of May 2017. Below is a guide on how to protect yourself from infection, along with instructions on what to do if you have been infected.
What is ransomware?
Ransomware is a term for a type of malicious code that often takes the form of a “cryptolocker”; as the name suggests, this malware irreversibly encrypts all your data. It is most commonly propagated through emails containing infected attachments. Those responsible for the attack then hold your data for ransom, usually requesting payment in Bitcoin or another alternative currency.
source: Ransomware: how hackers take your data hostage (AFP Photo/Simon MALFATTO, Iris de VERICOURT, Jonathan JACOBSEN)
Who has been affected by WannaCry?
The ransomware currently raging has been named WannaCry. Particularly virulent, it has contaminated four dozen hospitals in Britain, the Ministry of National Education in France, a hundred-odd devices at the Russian Ministry of Internal Affairs, as well as Telefónica in Spain and rail services in Germany. Large companies have not been spared either: car manufacturer Renault is one of the many victims. All environments using Windows, from XP to 2016, are affected, as are devices using Wine under Linux or Boot Camp on Mac.
Presumably propagated through email attachments, this malware is also circulating on social media such as Twitter. It is highly likely that even more aggressive versions will surface in the coming days.
If you have not been affected, check that you have successfully installed all the latest security updates via Windows Update and follow the vendor’s guidelines: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
In some very rare cases, you may not find “SMB share support” in the list of Windows features. In this case, it is recommended that you close the following ports: 135, 137, 138, 139, 445, 1900.
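The following PowerShell script is an added example, not part of the original guide: it reports the SMBv1 state and which of the listed ports are listening, and applies the mitigations only when run with `-Remediate`. It assumes Windows 8.1/10 or later and an elevated prompt; the firewall rule names are hypothetical, and blocking both TCP and UDP on every listed port is an assumption, since the guide does not name the protocols.

```powershell
#Requires -RunAsAdministrator
# Added example: audit (and optionally apply) the mitigations listed in the guide.
# Assumes the SmbShare, NetTCPIP and NetSecurity modules (Windows 8.1/10 or later).
param([switch]$Remediate)   # without -Remediate the script only reports

$ports = 135, 137, 138, 139, 445, 1900   # port list taken from the guide

# 1. SMBv1 state: the optional Windows feature and the SMB server setting.
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
$server  = Get-SmbServerConfiguration
"SMB1 optional feature : {0}" -f $(if ($feature) { $feature.State } else { 'not listed' })
"SMB1 server protocol  : {0}" -f $server.EnableSMB1Protocol

# 2. Which of the listed ports are currently listening on this host?
Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object LocalPort -in $ports | Sort-Object LocalPort -Unique |
    ForEach-Object { "Listening TCP {0}" -f $_.LocalPort }
Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
    Where-Object LocalPort -in $ports | Sort-Object LocalPort -Unique |
    ForEach-Object { "Listening UDP {0}" -f $_.LocalPort }

if ($Remediate) {
    # 3a. Turn SMBv1 off where the feature exists, and on the SMB server side.
    if ($feature -and $feature.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

    # 3b. Block inbound traffic to the listed ports (idempotent: skip existing rules).
    foreach ($proto in 'TCP', 'UDP') {
        $name = "Block WannaCry-guide ports ($proto)"   # hypothetical rule name
        if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Block `
                -Protocol $proto -LocalPort $ports | Out-Null
        }
    }
    "Mitigations applied; reboot to finish removing the SMB1 feature."
}
```

Blocking inbound 139 and 445 stops the machine from serving file and printer shares, so run the report first and apply `-Remediate` only on hosts that do not need to offer shares.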
Also, make sure you have external backups for all your documents and data.
If you have been infected by this ransomware or any other, never pay the requested amount. There is no guarantee that your data has not already been compromised. If the compromised device is part of a fleet of computers, isolate it from the rest of the fleet, restart it in safe mode and delete all the WannaCry files. The latter could entail a complete reformatting of the machine.
What can be learned from WannaCry?
This ransomware primarily affected computers running obsolete or out-of-date systems.
However, there is no such thing as zero risk, and the profitability of these attacks is such that the range of potential victims is very large, spanning individuals and CAC 40 companies, and including ministries and political parties.
Beyond the inherent risk to the victims’ integrity, when an attack affects a sensitive sector, the damage is also financial. Failing to acknowledge IT risks within a company proves more expensive, from an economic and relational point of view, than acting proactively to prevent them.
You will find more information here: https://www.nomoreransom.org