WannaCry Ransomware Outbreak: All you need to know and how to keep your device safe!
This is to warn you about a new strain of the Ransom.CryptXXX (WannaCry) ransomware that began spreading widely on May 12, 2017 and has impacted a large number of organizations, particularly in Europe.
The malware that appears to be behind the attack exploits a vulnerability in Microsoft Windows (MS17-010) for which Microsoft released patches in March.
UGCS IT Security is monitoring the situation. In general, though, if users keep their devices updated, our systems should be protected.
Action item: Make sure your operating system is updated!
What is the WannaCry ransomware?
WannaCry encrypts data files and asks users to pay a US$300 ransom in bitcoins. The ransom note indicates that the payment amount will be doubled after three days. If payment is not made after seven days, the encrypted files will be deleted.
It also drops a file named !Please Read Me!.txt which contains the text explaining what has happened and how to pay the ransom.
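A sweep for that ransom note across a folder or mounted file share helps scope which directories were hit. This is an added example, not part of the original advisory; the function name and the oldest-first ordering are choices made here, and the only value taken from the advisory is the note's file name.

```python
import os
from datetime import datetime, timezone

# Ransom note file name as given in the advisory above.
NOTE_NAME = "!Please Read Me!.txt"


def find_ransom_notes(root):
    """Walk `root` and return [(directory, note_mtime_utc_iso)], oldest note first.

    Hypothetical helper for triage: the oldest note hints at where
    encryption started, which helps decide what to restore from backup.
    """
    hits = []
    # onerror ignores unreadable directories so one ACL problem does not stop the sweep.
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda err: None):
        for name in filenames:
            # Windows file names are case-insensitive, so compare case-folded.
            if name.casefold() != NOTE_NAME.casefold():
                continue
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            stamp = datetime.fromtimestamp(mtime, timezone.utc).isoformat(timespec="seconds")
            hits.append((mtime, dirpath, stamp))
    hits.sort()
    return [(dirpath, stamp) for _mtime, dirpath, stamp in hits]


if __name__ == "__main__":
    import sys
    # Usage: python sweep.py <folder or share mount point>
    for directory, stamp in find_ransom_notes(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{stamp}  {directory}")
```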
Why is it causing so many problems for organizations?
WannaCry has the ability to spread itself within corporate networks, without user interaction, by exploiting a known vulnerability in Microsoft Windows. Computers which do not have the latest Windows security updates applied are at risk of infection.
Can I recover the encrypted files?
Decryption is not available at this time but Symantec is investigating. Symantec does not recommend paying the ransom. Encrypted files should be restored from back-ups where possible.
What are best practices for protecting against ransomware?
New ransomware variants appear on a regular basis. Always keep your security software up to date to protect yourself against them.
Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
Using cloud services could help mitigate ransomware infection, since many retain previous versions of files, allowing you to “roll back” to the unencrypted form.
Backing up important data is the single most effective way of combating ransomware infection. Attackers have leverage over their victims by encrypting valuable files and leaving them inaccessible. If the victim has backup copies, they can restore their files once the infection has been cleaned up. However, organizations should ensure that back-ups are appropriately protected or stored off-line so that attackers can’t delete them.
Email is one of the main infection methods. Be wary of unexpected emails, especially if they contain links and/or attachments.
Keep your operating system and other software updated. Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers.
If you suspect that you have been attacked by the malware, report it immediately to the UGCS IT Security Team at firstname.lastname@example.org,gh or through our regular service desk channels.