More about the WannaCry Ransomware Attack

Since WannaCry ransomware began holding hundreds of thousands of computers hostage around the world, a lot has happened. We thought we'd offer an update and yet again reiterate how to avoid paying off cybercriminals to regain access to important computer files.

WannaCry, a History

WannaCry came on like a giant hail storm from a clear blue sky on Friday, May 12. On that single day, users of 75,000 computers in 99 countries unhappily learned their files were locked up by a hacker's virus, and they would have to make a bitcoin payment (typically $300) to get them back. If victims don't pay quickly enough, the price doubles. If you wait too long, you never see your files again. Also, because of a problem properly crediting payments, not everyone who paid the ransom had their files unlocked. (Supposedly, the hackers have corrected this problem.)
The crooks responsible for WannaCry exploited a weakness in Windows operating systems with a computer worm that encrypts data, making affected computer files inaccessible. Windows had, in fact, released protective patches in March that could have easily been installed with a regular software update. (If you think you missed installing the patch on your home computer, go to this page ... By the way, if you're reading this and you are a SynchroNet customer, you are good to go.) What makes WannaCry especially virulent is that it can spread throughout corporate networks without user interaction. In other words, if you're part of an infected network -- i.e., someone on your network fell for the scam -- you don't have to open an email or click on a link to have the virus lock your files; your colleague may have opened the door already.

Fighting Back

As the virus spread, efforts got underway to fight back. The day after WannaCry hit, a 22-year-old researcher in the United Kingdom noticed a domain name used by the hackers hadn't been registered, so he registered it himself for $10.69. He took control of the domain to track how the virus was spreading, but in a lucky break, his surveillance inadvertently triggered one of the hackers' own security measures, which caused the virus to "kill" itself. (You can read a detailed account here.) Unfortunately, the hackers fixed the "bug" in their bug, so within a few days the virus was back in action.

On Friday, May 19, Reuters reported that French researchers had found a way to unlock the encrypted files without paying the ransom. A problem with their method, though, is that it won't work if the computer has been rebooted (the first thing most people instinctively try). Incidentally, by that date, 300,000 computers in 150 countries had been victimized.

Learning from WannaCry Ransomware

One positive outcome is that the scope of this ransomware attack has generated a great deal of public awareness -- and perhaps this will spur intensified R&D investment in prevention and countermeasures from software manufacturers, as well as government defense and law enforcement agencies. Though a $300 ransom is relatively small, we note that hospitals were prominent among the initial targets, putting the healthcare and lives of huge numbers of people at risk. It's also easy to imagine a virus like WannaCry affecting databases used by emergency first responders. Collectively, we can't afford to view ransomware like WannaCry as just an especially annoying "cost of doing business."

What You Can Do

In the meantime, we individually remain our best defense against ransomware. To help protect your files:

  • Make sure the security software on your personal computers (Windows Defender, Symantec, McAfee, etc.) stays up to date.
  • As noted earlier, be diligent in installing updates to your home operating system software.
  • Both at work and at home, be wary of emails from unexpected or unfamiliar sources, especially if they contain links or attachments. Public email sources like Yahoo, MSN, and Gmail are favorite options for scammers because they are free, so unexpected emails sent or received from these domains may be suspect. (We may have already mentioned this a few dozen times.)
  • Have your files backed up and safely stored in a way that allows for fast restoration and access, and consider using cloud services to mitigate the risks of a ransomware infection (e.g. the SynchroNet BackUpMyNet appliance).

Of course, being subscribed to The SynchroNet Way and using one of our on-premise or cloud-based servers should provide you with peace of mind. (Look for the Blue Ball in your task tray by your PC clock.) If, however, you ever feel your computer has been compromised, disconnect from your network, and call us immediately. We're always here to help.