Since Friday, May 12, we’ve seen many reports about the WannaCry ransomware attack that has been hitting computers worldwide. Although a researcher was fortunate enough to accidentally stop the initial wave of attacks, recent reports indicate that the attackers have launched a new round of attacks. Researchers suspect that initial infections may have occurred through phishing attacks and malvertising sites. The WannaCry ransomware itself is promulgating as a worm through networks worldwide.
The WannaCry ransomware affects machines running the Windows operating system. It was a security flaw that was originally exploited by the U.S. National Security Agency (NSA), which was then leaked earlier this year. Hackers are now using this themselves.
If you or your organization is running a version of Windows, you could be at risk.
Ransomware is malicious software that encrypts a victim’s hard drive and then demands that a ransom be paid in order to decrypt the contents. Ransomware may spread through infected attachments, malicious links, worms and other vectors.
What you should do
- Back up your information before you’re attacked.
- Ensure that your computer is up to date with patches. Run Windows Update ASAP to get the latest software updates. Unpatched Microsoft systems are vulnerable to the WannaCry ransomware variant.
- Ensure that anti-virus/anti-malware is up to date and functioning.
- Use a strong password and don’t share it.
- If you receive an e-mail with an unexpected attachment or link, verify with the sender BEFORE opening the attachment or clicking on the link. The sender’saccount may be compromised. The malicious e-mail may come from them.
- Ensure all outgoing and incoming e-mails are scanned for malicious attachments.
- Educate employees on identifying scams, malicious links and e-mails that may contain viruses.
- Make sure to run “penetration tests” against your network’s security, no less than once a year, according to the Department of Homeland Security.
- Do not pay the ransom demanded by the WannaCry ransomware. There is no evidence of the hackers giving people files back.