New ransomware threat infecting systems globally

An unprecedented ransomware cyberattack hit over 200,000 victims in 150 countries over the weekend, leaving systems frozen and critical documents unreadable.

Known as WannaCrypt, WannaCry, WannaCryptor or Wcry – the ransomware exploits a known vulnerability in Microsoft Windows. The vulnerability was identified by the U.S. National Security Agency for its own intelligence-gathering purposes. The NSA tools were stolen by hackers and made available on the internet. Microsoft had corrected the vulnerability by providing a patch in March, however, many users have not yet applied the software fix.

Britain’s National Health Service, Russia’s Interior Ministry, Telefonica (Spain), FedEx and Renault all reported infection. Chinese media reported that students at several universities lost access to their thesis papers and dissertation presentations. However, even small businesses in New Zealand are vulnerable to infection.

Once a computer is infected, documents are encrypted and a “ransom message” is left on the computer. US$300 in bitcoin (a type of digital currency) is demanded in exchange for the decryption key to unlock the files. Victims have three days to pay before the fee was doubled to US$600.

 

How can my system get infected?

Hackers can get ransomware onto your system if you download an infected piece of software. These generally come in the form of an email attachment or a link in an email to an infected website.

When victims open the attachment or visit the infected link, their computers become infected. Once a network has one infected machine, that machine then seeks out other vulnerable computers on the network (those that do not have the Microsoft patch).

It is important to note that the Microsoft patch only stops the infection from spreading to your machine. Opening a malicious attachment or link may still see your documents becoming encrypted – even if you have up to date antivirus software.

 

How do I protect myself?

Ensure that your computer is completely up to date by installing all updates via Windows Update. ADC recommend that PCs are set to “install updates automatically” so that your system continues to be patched as Microsoft release further fixes to vulnerabilities in the future.

You should also ensure that your antivirus software is up to date.

The best protection, however, is to remain vigilant. Do not open email attachments from unknown sources and be wary of links sent to you in an email. Keep in mind that hackers often use behavioural tactics to try and coerce users into click malicious links (e.g. “Your payment to us was declined. Please click here to organise alternate payment and avoid paying further penalties”).

 

What can I do if my system gets infected?

Although we do not recommend paying any form of ransom to decrypt your files, already infected users are limited to recovering files from backup, if available.

 

How can ADC help me?

ADC can audit your systems to ensure they are up to date with Microsoft patches and antivirus systems. We can also perform remediation to ensure your systems are up to date should we find any critical issues.

We manage, monitor and maintain clients who subscribe to Managed Services (for both on-premise equipment and Cloud Servers) with us. We also provide additional layers of protection for those with ADC Cloud Services.

Please contact our team if you’d like a system audit or would like more information on Managed Services and Cloud Services.