WannaCry Ransomware 


 

What is it?


National Institute of Standards and Technology (NIST) Information Technology Director Charles Romine was among the witnesses at a hearing on June 15, 2017 on the impact of the recent global ransomware attack and ways to strengthen the governmental cyber security. The cyber attack, known as “WannaCry,” began on May 12, 2017, and infected more than 300,000 users in some 150 countries.

The ransom is $300 and you've got 3 days to pay before it doubles to $600. If you don't pay within a week then the ransomware threatens to delete the files altogether. Note the social engineering aspect here too: a sense of urgency is created to prompt people into action. A sense of hope is granted by virtue of the ability to decrypt a sample selection of the files. (Note the "Wana Decrypt0r" title on the window to the left: the three terms WannaCry, Wcry and WannaCrypt are all referring to the same piece of malware, they're merely various representations of the same name.)

Who was affected by it?

Any PC running Windows that didn't have the latest Microsoft security patch installed were susceptible to the WannaCry ransomware, especially those still running Windows XP since Microsoft stop providing updates to Windows XP since April 8, 2014.  

Over 200,000 computers in over 130 nations had their data encrypted and unusable from WannaCry, including several hospitals and government agencies.  The ransomware worm was only stopped from spreading when an IT employee (who goes by MalwareTech) registered a specific domain address that he found in the decompiled code which inadvertantly activated a kill switch. 

What can I do to be protected from potential ransomware?

To be protected from potential ransomware, IDACOMP recommends the follow steps:

  • Ensure your Microsoft Windows updates are set to automatically install
    • Setting a group policy is HIGHLY recommended
  • Backup your important files to an off site cloud provider
  • Install an antivirus / antimalware program on all computers within your network
    • IDACOMP recommends a combination of WebRoot and Malwarebytes
  • Avoid clicking on unfamiliary links in email messages 

Contact IDACOMP for a free, onsite security evaluation to evaluate your organization's potential risk for ransomware and solutions for preventing losses 

endpoint logo