WannaCry ransomware attack
As you may be aware, the tech news headlines over the past week have been dominated by the new strain of ransomware called "WannaCry". This ransomware leverages a bug in Microsoft Windows computers which encrypts all of your data then requests payment in Bitcoin. Those of you who have been following this blog over the years would recognise the modus operandi of this ransomware being very similar to that of the original Cryptolocker ransomware. There is nothing technically different about this ransomware however, the method of infection and the amount of Bitcoin requested differ from the original Cryptolocker ransomware.
Ransomware usually infects a computer when a user opens a phishing email which then infects that computer with WannaCry. Once installed, WannaCry uses the EternalBlue exploit developed by the U.S. National Security Agency (NSA) to spread through local networks and remote hosts, that have not been updated with the most recent security updates, to directly infect any exposed systems. The infected computer then displays a message which demands a ransom for the decryption of your data. What's different about WannaCry is that it demands only $300US worth of Bitcoin (which doubles after 3 days if not actioned). This is considerably less than previous ransomware products which can easily demand 4-5 times that amount of Bitcoin.
A "critical" patch had been issued by Microsoft on 14 March 2017 to remove the underlying vulnerability for supported systems, nearly two months before the attack in May, but the affected organisations had not yet applied it.
For those of you on Loyal I.T.'s Managed Services, the installation of these patches has been performed automatically and as a result, those PC's and servers that are managed, are not vulnerable to this attack. Loyal I.T.'s recommended antivirus product, Vipre Antivirus, detects and quarantines WannaCry before it can encrypt any data.As we follow Microsoft's Best Practices, all PC's and servers we setup have Windows Updates configured and activated. However, if you would like Loyal I.T. to confirm the patches have been applied to your systems, please contact us on 02 4337 0700 or email firstname.lastname@example.org to log a ticket.