IT Alert: WannaCry Ransomware

Monday May 15, 2017

Last Friday a new version of Ransomware, dubbed WannaCry, was release worldwide, affecting computers in as many as 99 countries. This morning a new variant was also released. Companies such as FedEx, the British National Health Service, and LATAM airlines have been infected.

This Ransomware is delivered via email, and when the user opens the attachment, it infects their computer due to a Windows vulnerability. The U.S. National Security Agency (NSA) secretly held this vulnerability, along with several others, until they were leaked earlier this year. Once a computer is infected, the ransomware spreads itself to other vulnerable computers throughout the network.

As with most versions of ransomware, this software will encrypt all files on the computer, and then presents the user with on screen instructions detailing how to pay the ransom in order to get the decryption key to unlock your files. Historically, even after payment, the key is not delivered about 25% of the time.

Ransomeware

Luckily, for almost all computers covered by our Carefree Computing® program, your computers are already protected. Microsoft released a patch on March 14th that plugged this vulnerability. Our Carefree Computing® agent patches workstations nightly, effectively preventing this infection (Unless the user keeps denying the updates). Servers on FULL coverage are updated on at least a quarterly basis, so over half should already be protected. However, since the original entry point is almost always a (now protected) desktop, the risk to those servers are much lower. The main exceptions being Windows XP desktops and Windows Server 2003 computers. Microsoft released a patch for those just Saturday (May 13th). If you have any materially at risk systems, your Project Manager will be in contact to schedule needed updates and reboots.

Likewise, most of our Carefree Computing® clients, as well as many of our hourly clients, have a Datto Backup/Disaster Recovery/Business Continuity device that archives file backups for generally a year. Therefore, if any of those clients are hit, it is a fairly easy process to restore the files from before the infection (assuming the files were saved to a backed-up server).

If you have systems that are not on our Carefree Computing® program and are not protected by one of our Datto systems, then you might be at risk. To protect yourself, please be sure that your security patches and Anti-Virus signature are up to date.

Of course, we are available 24/7 at +1-855-SPOTLINK or support@spotlink.com to provide professional assistance if needed.

Category: news - Tags: alert, ransomware

« TekTalk: Surviving Technology Disasters - Our Emails are Certified Safe. »