Security Bulletin: WannaCry

WannaCry has infected over 230,000 computers in over 150 countries as of the date and time of this post.

What is WannaCry?
WannaCry, a ransomware program, encrypts files on the infected computer. Encrypting the files renders them inaccessible without the decryption key. In order to get the key, victims are required to transfer money to the criminals in the form of Bitcoins.

WannaCry exploits a vulnerability in the Microsoft Windows operating system. Microsoft released a patch for this vulnerability in March of this year. However, many computers were not updated before this attack, and the patch only applied to newer Microsoft operating systems. Microsoft has since released a patch for older operating systems as well.

How is WannaCry spread?
The WannaCry virus is spread by phishing emails (emails that appear to be from a known person but contain links to malware). Once a computer is infected, the virus searches for vulnerable computers on the network and infects those computers.

How do I know if I have been infected?
If your computer has been infected, you will see a notice informing you that your computer is infected and instructing you to transfer payment in the form of Bitcoin to get the key to decrypt your files.

What can I do if I have been infected?
If you have a backup of your computer, you should take the computer off the network and restore the computer using a backup from before the infection date and time. Using another computer, you should download the patch from Microsoft (found here https://technet.microsoft.com/en-us/library/security/ms17-010.aspx) and install the patch on your newly restored computer. The computer should now be free of the WannaCry infection and protected against being infected by the same virus again.

If you do not have a current backup, there is no easy solution. You can pay the ransomware fee. However, this encourages criminals to continue these types of attacks, and there is no guarantee you will get the key to decrypt your files. If you do choose to pay the ransom, you should pay quickly, as the cost to decrypt your files goes up as time goes on. The alternative to paying the ransom is to format your hard drive and install a fresh copy of the operating system. You will need to ensure the new operating system is properly patched before accessing a network or the internet.

What is the long-term solution?
If your computers or servers are using an older, unsupported operating system, you need to upgrade to a supported operating system. You can find lists of supported operating systems by type of product on Microsoft’s website. Also, both individuals and organizations need to install Microsoft updates as soon as they are available, although organizations may need to perform testing before installing Microsoft patches.

Greystone is committed to providing our customers with a secure computing experience. Technology tools like firewalls and antivirus software are the start of a good defense. But the human element is the most important piece. Training, company policies, and documented processes are the most effective ways to ensure your organization is secure. Please contact us if you would like us to review your security procedures and policies or to schedule security training for your staff.

Links included in this bulletin:
Microsoft patch for WannaCry vulnerability:
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx