When it comes to cyber attacks, most security experts say it’s a matter of “when,” not “if.” Well, the “When” is now for 200,000 victims across 150 countries that are still dealing with the fallout from the WannaCry ransomware attack that struck on Friday.
WannaCry’s attack vector exploited a vulnerability in the Windows operating system originally isolated by the National Security Agency. And while Microsoft had released a security update which contained a fix for this vulnerability back on March 14th, this particular ransomware was (and remains) unprecedented in its reach across the globe.
Yes, the WannaCry attack has slowed. But it has not stopped.
What does WannaCry do?
Like other Trojan horse ransomware, the WannaCry virus works by encrypting most or even all of the files on a victim’s computer. Then the software demands that a ransom be paid in order to obtain the decryption code and regain access to the affected files. In this case, the software demands that the victim pays a ransom of $300 in bitcoins at the time of infection. If the user doesn’t pay the ransom within three days, the amount doubles to $600. After seven days without payment, WannaCry will delete all of the encrypted files and all data will be lost.
Am I at risk?
If you are an SLPowers Managed Services client, you can rest assured that our Tech Services team have stayed on top of the WannaCry threat since the initial attack. Because we diligently manage our clients’ networks and implement only the best security solutions, the anti-virus software we use, Webroot, updated itself immediately to protect against this ransomware. Additionally, we have pushed out the Microsoft patch to all systems.
SLPowers Managed Services clients also have secured data backups in place that would quickly recover your organization if something like this were to plague your environment.
If you are NOT an SLPowers managed client, please feel free to reach out to us and we can assist you in implementing a comprehensive security solution that will protect your organization today and every day.
What if I’ve already been attacked?
- Do not pay the ransom demanded by the WannaCry ransomware. There is currently no evidence of the hackers restoring any victim’s files.
- Businesses should contact law enforcement and provide as much information as possible. If you are an SLPowers client, please contact our Security Operation Center immediately at 800-SLPower(s).
- Be prepared to restore backups of your data.
What should I do to protect my business?
- Apply the latest Microsoft security patches for WannaCry.
- Ensure secured backups of all key data. (You may also want to test the restoral of some or all of that data, to make sure the real world matches your own recovery time objectives.)
- Decommission any machine running an outdated operating system, such as Windows XP or Windows Server 03. (While both OS’s have been out of support for years, Microsoft took the unprecedented step of releasing security updates specifically to counter WannaCry.)
- Ensure all outgoing and incoming emails are scanned for malicious attachments.
- Ensure anti-virus is up-to-date and conducting regular scans.
Most important, make all employees aware of the WannaCry virus and educate them on identifying malicious links and emails that may contain viruses. Most victims were infected due to the actions of “accidental co-conspirators” – unsuspecting employees who casually clicked on a link that brought a world of pain.
- Run regular penetration tests against your network’s security
- Contact SLPowers today and let us handle it all. As a SOC 2-Type II Managed Security Services Provider, we deliver Enterprise-class information security to small and medium businesses, at small and medium business prices.