Ransomware – it makes me WannaCry………….

Ransomware. You’ll have struggled to avoid the word this week and we’ve certainly had more than our fair share of telephone calls from concerned customers. The ‘WannaCry’ virus attack on the NHS has made Ransomware the current buzzword in the national and international press.

Whilst this is undoubtedly a high-profile attack, are the press guilty of scaremongering? Well, yes and no.

First, to clarify what ransomware is: it is a kind of cyber-attack that involves hackers taking control of a computer system and blocking access to it until a ransom is paid. For cyber criminals to gain access to the system they need to download a type of malicious software onto a device within the network. This is often done by getting a victim to click on a link or download it by mistake. Once the software is on a victim’s computer the hackers can launch an attack that locks all files it can find within a network. This tends to be a gradual process with files being encrypted one after another.

Instances of Ransomware are prevalent and growing. By the end of quarter 3 of 2016 McAfee had found 3,860,603 new ransomware samples, an 80% increase from the beginning of the year.

The incident that’s made the press has done so because of the volume and profile of the victims, with the NHS the highest profile in the UK and an estimated 500,000 companies affected worldwide.

Wanna Decryptor, also known as WannaCry or wcry, is a specific ransomware program that locks all the data on a computer system and leaves the user with only two files: instructions on what to do next and the Wanna Decryptor program itself. When the software is opened it tells computer users that their files have been encrypted, and gives them a few days to pay up, warning that their files will otherwise be deleted. It demands payment in Bitcoin, gives instructions on how to buy it, and provides a Bitcoin address to send it to.

The ransom is the equivalent of about $300 and you’ve got 3 days to pay before it doubles to $600. If you don’t pay within a week then the ransomware threatens to delete the files altogether. Note the social engineering aspect here too: a sense of urgency is created to prompt people into action. A sense of hope is granted by virtue of the ability to decrypt a sample selection of the files.

If you get the infection there is very little you can do. The expert advice is NOT to pay the ransom: it is highly unlikely that you’ll get your files back and you’re potentially funding further attacks. As yet there is no way of getting the files unencrypted.

However, there is some good news.

A young cyber expert managed to stop the spread of the attack by accidentally triggering a “kill switch” when he bought a web domain for less than £10. When the WannaCry program infects a new computer it contacts the web address. It is programmed to terminate itself if it manages to get through. When the 22-year-old researcher bought the domain the ransomware could connect and was therefore stopped.
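The kill switch described above also gives defenders a way to find affected machines: any computer that looked up the domain was running the program. As an added example (not part of the original post), this Python script triages a DNS query log on that basis. The domain is a placeholder because the post does not name it, and the log format and sample lines are constructed for illustration.

```python
from collections import defaultdict

# Placeholder only: the post does not give the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch.example.invalid"

# Constructed sample log, one query per line: "timestamp client_ip name rcode".
SAMPLE_LOG = """\
2017-05-12T14:01:07Z 10.0.4.21 www.example.com NOERROR
2017-05-12T14:03:55Z 10.0.4.37 killswitch.example.invalid NXDOMAIN
2017-05-13T09:12:40Z 10.0.4.58 KillSwitch.Example.Invalid. NOERROR
2017-05-13T09:12:41Z 10.0.4.58 killswitch.example.invalid NOERROR
2017-05-13T10:30:02Z 10.0.4.37 killswitch.example.invalid NOERROR
malformed line
2017-05-13T11:00:00Z 10.0.4.90 notkillswitch.example.invalid NOERROR
"""

PRIORITY = "priority"    # a lookup failed: the kill switch may not have fired
CONTACTED = "contacted"  # every lookup resolved: the program ran, then likely exited


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: verdict} for each client that looked up the domain.

    Assumption: a successful DNS answer stands in for "managed to get through".
    Resolution is necessary but not sufficient, so confirm with proxy or
    firewall logs where they exist.
    """
    wanted = domain.lower().rstrip(".")
    rcodes_by_client = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole run
        _timestamp, client, qname, rcode = parts
        # DNS names are case-insensitive and may carry a trailing dot.
        if qname.lower().rstrip(".") == wanted:
            rcodes_by_client[client].append(rcode.upper())
    return {
        client: PRIORITY if any(r != "NOERROR" for r in rcodes) else CONTACTED
        for client, rcodes in rcodes_by_client.items()
    }


if __name__ == "__main__":
    for client, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(client, verdict)
```

Both verdicts mean the program ran on that machine, so both need investigating; "priority" machines come first because the check failed at least once and files may already be encrypted.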

There is further good news for Windows 10 and Mac users – neither was subject to the vulnerability these attacks exploit, so they are not at risk. If you are running any other SUPPORTED version of Windows then you would have to be 2 months behind in your patch cycle to get hit. In March Microsoft released a security update which addressed the vulnerability that these attacks are exploiting. Given the seriousness of the problem, Microsoft has released the security update for unsupported Windows versions like Windows XP and Windows Server 2003.

The final piece of good news is that if you are a Your IT Support customer you are as safe as you can possibly be. We ensure your operating systems are patched to the latest version and our technicians worked through Friday evening and Saturday to check and double-check that everything was up to date and secure. We have had ZERO instances amongst our customer base.

So everything is fine, no panic. Well not quite.

This attack may mutate over time, new threats are appearing daily, and you have to remain vigilant. Keeping your operating system up to date and having anti-virus software and firewalls all provide layers of security; generally, the more layers, the more secure you are. But nothing is 100% secure. Incidents will still occur, and the majority still come from human error – someone clicking something that they shouldn’t.

So what can you do?

The basic precautions are:

Backup and disaster recovery. We’ve put this first for a reason: at the risk of repetition, nothing is 100% secure. If something gets on to your system and your files aren’t backed up, chances are they are gone, so backup is a must. There are numerous ways to create regular secure back-ups and you should also have a disaster recovery plan in place so you know what to do if the worst happens. We would generally recommend a cloud-based solution (we explain why in this blog: https://www.your-itdepartment.co.uk/news/backing-cloud-best-option/), but speak to your IT Support provider about the best option for you and how they can help in the event of a data loss.

Keep your Operating System up to date. If you are still using Windows XP or Windows Server 2003 you are exposing yourself to unnecessary risk – if there is not a very, very good reason you’re still using an old system then upgrade. Speak to your IT support provider. There is a cost of course, but the cost of losing all your data will be far, far higher.

Ensure you have anti-virus software, and it is up to date. There are free options and they do the job, but as with everything you get what you pay for. Again, speak to your IT Support provider; they will be able to advise you.

Invest in further protection. Layers work. Talk to your IT support company about firewalls, anti-malware software (sometimes packaged with anti-virus) and the myriad of other solutions out there. Any reputable IT Support company will offer you free advice on the best solution for you, not just try and sell you their solution.

Raise awareness amongst your staff. We cannot stress this enough: the majority of virus instances come from someone clicking something they shouldn’t. We’ve covered this in greater detail in this post: https://www.your-itdepartment.co.uk/news/forget-viruses-worried-staff/ but if something looks suspicious DON’T CLICK IT!

Some further words of calm. If you have been exposed to this virus or any type of Ransomware then you will know about it. The whole point of Ransomware is to extract money from the victim – they are not subtle, your computer will be unusable and you’ll see a screen like this:

With any well-publicised attack there is certain to be a level of paranoia but if your computer is running slow, won’t print, or has any one of the hundreds of other problems that computers experience each day it’s NOT ransomware! Of course you should ring IT Support but please don’t panic.

Your IT Department provides complete Cyber Security solutions including anti-virus software, Watchguard Firewall Hardware, and advice. To find out more about how we can keep you secure call 0115 7980704 or email us info@your-itdepartment.co.uk