“WannaCry” Ransomware Attacks Spread Across 150 Countries
posted May 16, 2017 by Daniel M. Andrea, CPA, CITP, CISA in the Business Blog
As many as 150 countries have been affected by a rash of ransomware attacks this past week. Called the “WannaCry” software, this malicious ransomware confronts users with a pop-up screen demanding a $300 payment to restore their files. Here, we outline the malware and give you some tips on avoiding it.
What the WannaCry software looks like:
What can you do?
If you have been attacked, there are a few steps you’ll need to follow....
- Contact law enforcement.
- “Isolate” the systems and networks so you can prevent any malware spread. Essentially this isolation controls how and when changes are made and if they become visible to the other.
- WannaCry is easily removable from attacked systems, but removing the malware does not decrypt (decode) the files, meaning the only way to decrypt the files is restore files from a clean backup.
- After the incident is over, assess all systems to confirm that they are free from malware.
We recommend taking a few precautionary steps to protect against WannaCry. This includes:
- Keep systems fully patched with critical updates. Make sure that in this case, the MS17-010 patch is applied.
- Ensure that you have good, clean backups for your data. You want some peace of mind in case you ever need to restore your files.
- DO NOT CLICK ON ANY PART OF THE POP-UP. If you see a message like the one above, disconnect your system and report it to IT.
- Keep all cyber security precautions and protections up to date, including malware and endpoint protection.
- Educate staff on email vigilance (i.e. never clicking on links or files from mysterious sources).
For more information on how to combat a cyberattack, contact us.