“WannaCry” Ransomware Attacks Spread Across 150 Countries - A Business Blog Article from KLR

Business Blog

“WannaCry” Ransomware Attacks Spread Across 150 Countries

posted May 16, 2017 by Daniel M. Andrea, CPA, CITP, CISA in the Business Blog

  • LinkedIn
  • Google+

As many as 150 countries have been affected by a rash of ransomware attacks this past week. Called the “WannaCry” software, this malicious ransomware confronts users with a pop-up screen demanding a $300 payment to restore their files. Here, we outline the malware and give you some tips on avoiding it.

What the WannaCry software looks like:

What can you do?

If you have been attacked, there are a few steps you’ll need to follow....

  1. Contact law enforcement.
  2. “Isolate” the systems and networks so you can prevent any malware spread. Essentially this isolation controls how and when changes are made and if they become visible to the other.
  3. WannaCry is easily removable from attacked systems, but removing the malware does not decrypt (decode) the files, meaning the only way to decrypt the files is restore files from a clean backup.
  4. After the incident is over, assess all systems to confirm that they are free from malware.

Our Advice

We recommend taking a few precautionary steps to protect against WannaCry. This includes:

  • Keep systems fully patched with critical updates. Make sure that in this case, the MS17-010 patch is applied.
  • Ensure that you have good, clean backups for your data. You want some peace of mind in case you ever need to restore your files.
  • DO NOT CLICK ON ANY PART OF THE POP-UP. If you see a message like the one above, disconnect your system and report it to IT.
  • Keep all cyber security precautions and protections up to date, including malware and endpoint protection.
  • Educate staff on email vigilance (i.e. never clicking on links or files from mysterious sources).

For more information on how to combat a cyberattack, contact us.