By now you have likely heard about the WannaCry ransomware campaign spreading across the globe and locking down the data of some of the world’s largest companies. The malware appears to exploit an SMB flaw for which Microsoft released a patch (MS17-010) in March 2017. To date, WannaCry has infected over 200,000 machines in over 150 countries.
You may have heard that the worm has been successfully stopped and you have nothing to worry about, but the vulnerability still exists on millions of systems and variants are being created.
GoVanguard's managed services clients can rest assured that their systems are patched and protected. As always, we ask you to remain vigilant and report any suspicious behavior.
For everyone else, below are some points to help you understand whether you are at risk and what you should do to best protect yourself from this and other malware.
Am I at risk for WannaCry?
- If you or your organization is running a version of Windows, you could be at risk.
What should I do to protect myself from WannaCry?
Individuals and small businesses should:
- Run Windows Update to get the latest software updates.
- Make sure any anti-virus product is up to date and scan your computer for any malicious programs. It's also worth setting up regular auto-scans.
- Back up important data on your computer in case it gets held for ransom.
Large organizations should:
- Apply the latest Microsoft security patches for this particular flaw.
- Back up key data.
- Ensure all outgoing and incoming emails are scanned for malicious attachments.
- Ensure anti-virus programs are up to date and conducting regular scans.
- Educate employees on identifying scams, malicious links and emails that may contain viruses.
- Run “penetration tests” against your network's security no less than once a year, according to the Department of Homeland Security.
What if I've already been attacked?
- Do not pay the ransom demanded by the WannaCry ransomware, cybersecurity firm Check Point warned in a blog post Sunday. The company said there is no evidence of the hackers giving people files back.
- Contact local IT support services.
- Businesses should contact law enforcement and provide as much information as possible.
- Restore backups of data.
How can I prevent ransomware attacks?
There are also steps that can be taken to protect against ransomware more generally. These include:
- Avoid logging in to your computer with an account that has administrative rights; if your user account is in the Administrators group, remove it.
- Make sure anti-virus programs are up to date and update all software.
- Back up copies of data.
- Scrutinize links and files contained in emails.
- Only download software from trusted sources.