On May 12, 2017, a new variant of ransomware known as WannaCrypt made its presence known in a major way by infecting over 230,000 computers in over 150 countries. With this attack still ongoing, it is important to know what you can do to protect yourself.
What is this thing?
The WannaCrypt virus is a new variant of malware known as ransomware. Ransomeware is a malicious software that runs on your computer in the background without your knowledge or permission. During its execution, the software encrypts all of your documents and files (targeting specifically things like Word and Excel documents as well as photos and videos). With your files encrypted, you can no longer access them without a key that only the creators of this virus have. It literally holds your own data hostage. It would take hundreds of years (if not thousands) to manually try and "guess" the key that could decrypt your data. This means, that if you want your data back, you are going to have to pay real money. At the time of this blog post, the cost to decrypt your data is about $300.
Screenshot of payment window after your data has been encrypted
How is this thing spread?
Like a lot of modern malware, this virus is spread primary through email as an attachment. To most users, the virus looks like an innocent email from UPS or FedEx. However, when opening up the attachment, the user unknowingly runs a malicious program that installs and runs the WannaCrypt virus in the background. In some instances, instead of an attachment, the virus is spread by clicking on a link in the email that leads to a malicious website that downloads and runs the virus.
What can I do to stop this thing from getting on my computer?
1. The best way to prevent this new threat from getting on your machine is to keep your software up-to-date. Currently, the virus infects a computer by exploiting a vulnerability in one of Window's core services (called SMB or Server Message Block service).
Now I am sure many are thinking, "why isn't Microsoft patching this?" Well, they did. Back in March of this year before this virus was even created. The problem is that most people do not take the time to update their machines! It is imperative that regular Windows updates be run so that security patches like this get installed and do their jobs.
2. The next way to help keep your machine safe from this threat is to have an anti-virus program installed and up-to-date. As this threat becomes more widespread, more and more anti-virus programs are being updated to stop this threat before it becomes more of a problem.
3. The last thing you can do to prevent this infection on your machine is to be mindful of your emails. When an email comes in, do some investigation before opening the attachment or clicking the link in it. For instance, use your mouse to hover over the link address and see if it goes to a reputable site. Even if the link says something like "http://www.UPS.com/" hovering over the link will reveal where it is actually going and if it doesn't match or seems odd, don't click it.
If there is an attachment be wary of any .ZIP files. A .ZIP file is an archive file format used to compress and send multiple files together. Many viruses and malware are distributed this way and most likely an attachment from UPS or FedEx will not be a .ZIP. In fact, if a UPS or FedEx email has an attachment AT ALL, it is very likely it is a malicious email.
You can also just ask yourself if the email you are receiving makes any sense. For example, if an email comes in that says your plane tickets are attached and you never booked a flight, you can be pretty certain that the email is malicious and should be deleted immediately. Emails like this are sent as what is called a phishing scam where the message is supposed to look like it is from a legitimate source but is really just trying to get information about you or access to your machine.
Always trust your gut. If something seems fishy... it's probably phishy.
What if this thing still gets through?
If WannaCrypt gets onto your machine, the odds are you won't know it until it's too late. You will then be forced to pay the ransom, or kiss your data goodbye.... UNLESS you have done your due diligence and backed up your files!
When it comes to Ransomeware, the best offense is always a good defense
Backing up your files to a secure cloud backup service is really the best way to go. Even if the virus gets through to your machine, with a secure backup in place, you can simply remove the virus and restore your files from your backup! The important thing to remember is that you must have a cloud based backup (over the internet). A local backup, such as an external hard drive, runs the risk of being encrypted too. This means that your backups won't be worth anything to you. They will be encrypted like the rest of your data. Ransomware like WannaCrypt is smart enough to encrypt local drives and even network drives which means the only sure fire way to keep your backups safe is to put them on the cloud.
Help! I still don't know if I am protected!
If you aren't sure if you are taking the best measures to protect yourself from this virus, we are always here to help! AmaTech offers many services that will keep your computer up-to-date, protected, and most importantly, backed up to the cloud safely and securely.
AmaTech Solutions offers many maintenance packages for both businesses and personal machines. This means that we take care of all of your updates so you get the peace of mind knowing that your computer is always patched and protected! We handle everything from Windows updates as well as third party updates like Adobe Reader and Java. For businesses that need to worry about being up-to-date for HIPAA or PCI Compliance this service is a must.
Anti-virus and Anti-malware Packages
Another service we provide is managed anti-virus and anti-malware software. This means that we monitor virus definition updates and scans. Gone are the days where you have to worry about keeping up with Virus Definition updates or remembering to check if you computer was scanned. AmaTech can monitor all of that for you remotely and let you know if something is wrong.
Managed Secure Cloud Backup Service
AmaTech's cloud backup service is a great way to keep your data backed up and secure. Our system is HIPAA Compliant which means it is safe and always secured using the best encryption algorithms (the good kind of encryption). Since this is another managed service, AmaTech can keep track of your backups (we CANNOT see the contents of your backup, just the status) and make sure everything is running as it should. A backup is a must for any kind of disaster recovery, not just a ransomware virus. Should something happen to your system, you can rest assured that all of your files are safe and you can be up and running in no time. When it comes to a business, being down means losing money so having a reliable backup solution is an absolute must.
This article contained a lot of information. It can be a lot to take in. With this new ransomware threat sweeping the world, it is important to make sure your computer is up-to-date and backed up with an anti-virus installed! Be sure to investigate any suspicious emails before opening attachments or clicking links. If you are still not sure about an email's authenticity try contacting the company via phone (not using the number in the email, but from the company website). Should you have any questions, feel free to reach out to us @ 203-533-9004. We are always happy to help! When it comes to beating new malware threats, we know that education and working together is key. Be safe out there!