WannaCry ransomware — and what you should be doing about it

Mandy Simpson
Published in Cyber Toa
May 14, 2017

In the past 48 hours ransomware known as “WannaCry” or “Wanna Decryptor 2.0” has swept round the globe. High-profile victims include the UK’s National Health Service, with hospitals and GP surgeries affected, as well as Spain’s Telefonica and FedEx in the US. With more than 75,000 computers in 99 countries infected in the first 24 hours, Europol described the attack as “unprecedented in scale”.

What is WannaCry?

WannaCry is ransomware, a form of malware that encrypts all the files on your computer and then asks for a payment, in bitcoin, for the files to be decrypted. Most ransomware isn’t targeted against specific organisations, but is instead spread as widely as possible to increase the financial gain for the criminals behind the attack. WannaCry seems no different.

What is different is the pace at which the WannaCry ransomware has spread. Initial delivery may be via a phishing email, but the ransomware then propagates automatically from one machine to another using a protocol called Server Message Block (SMB), used by Microsoft Windows machines for network communication. SMB has a known vulnerability which was fixed via a security update issued by Microsoft on 14 March 2017 (MS17-010). Unfortunately many organisations had still not applied this update almost two months on. In addition, because very old versions of Windows (XP, 2003 etc) are considered obsolete, no security update was initially made available for them.

What should I do to protect myself from WannaCry (and other ransomware)?

Four key steps to help prevent ransomware taking hold on your machine or in your organisation:

1. Be careful what you click on

In the majority of cases ransomware enters an organisation, or gets onto a home PC, because the user has clicked on a malicious link or attachment in an email. Be very cautious of unexpected or unusual emails. Delete them if at all possible. If you think they may be legitimate then call the sender to make sure. Remember that a malicious email can come from a friend or colleague if they have been attacked.

2. Keep your operating system and applications up to date

Apply the updates provided by software vendors as soon as possible. In particular, ensure security-related or critical updates are applied promptly.

3. Use reputable anti-virus software and keep it up to date

Anti-virus software will protect you from known malware. The vendors of anti-virus software provide regular updates covering new threats. All the main providers have included protections against WannaCry in a recent update. It is important that those new threats are recognised by your system as quickly as possible. The speed of spread of WannaCry shows that updating your anti-virus software daily may not be enough, so if possible set it to update more regularly.

4. Use application whitelisting software

Application whitelisting software will only allow known programs to run on your system. Those programs might be included in a database provided by the vendor, or added specifically by you or your organisation.

And in case it goes wrong — have a regular backup programme

In this highly connected world, keeping your systems 100% secure is tough, and it is worth giving some thought to how you will respond if you do end up the victim of a ransomware attack. Make sure you take a regular backup of your data and store it securely, preferably offline. Check to make sure you can restore from that backup should you need to. That way, if your systems are ever infected with ransomware you have another option, not just pay up or lose everything.

Mandy Simpson is CEO at Wellington-based consultancy firm Cyber Toa. She is a member of the New Zealand Institute of Directors and on the boards of Punakaiki Fund and NZTech. This article was first published at cybertoa.com.
