Blog

Tip of the Week: Ransomeware Make You WannaCry

18:17 01 June in Tip of the Week, Tip of the Week Corporate Security

The threats posed by ransomware continue to increase as does their sophistication and complexity. Ransomware is a malicious piece of software that once it gets into your computing device will begin encrypting your files so you can no longer access them without the password or passphrase to decrypt them. The creators of these programs then demand payment before releasing these needed codes.

The damage caused by these incidents can be quite traumatic. Losses due to work stoppages or time spent trying to fix the problems and to prevent them from occurring in the future are very costly and usually far more expensive than the ransom amount being demanded. In many cases the ransom amounts are no more than 300.00 to 500.00 in United States Currency.

One of the latest iterations of ransomware known as WannaCry recently made a splash throughout the world. One of the main lessons emerging is the importance of keeping your computers up to date and fully patched. Microsoft had released a patch for the vulnerability that WannaCry uses a full month prior to the release of the malicious software that has caused so much damage.

Apple’s Mac operating system, macOS, is not known to be directly affected by the vulnerability. However, those using Windows on their Macs will need to install the appropriate update to ensure that their Mac’s copy of Windows doesn’t become infected.

Microsoft recommends that windows users enable their computers to automatically install patches upon release. This is a link to the webpage containing the instructions on how to do this for the various Microsoft operating systems.

Here are the instructions for turning them on with Windows 10.
1. Select the Start button, then select Settings > Update & security > Windows Update. If you want to check for updates manually, select Check for updates.
2. Select Advanced options, and then under Choose how updates are installed, select Automatic (recommended).

Steps to specifically take to thwart the WannaCry infection are:
1. Find and begin using an anti-malware product on all your computers.
2. Install the official Windows patch called MS17-010 at https://technet.microsoft.com/en-us/library/security/ms17-010.aspx, this will close off the vulnerability that is being exploited by WannaCry.
3. Scan your computer and if it detects the malware attack, MEM:Trojan.Win64.EquationDrug.gen, make sure you have the patch installed and reboot your computer.

The following are Best Practices for protecting yourself from ransomware.

1. Keep your operating system and other software fully patched and updated.
2. A common attack vector is email. Be very cautious with opening it. If you don’t recognize the sender or the email title appears suspicious or poorly worded just delete it. Do not click on any unexpected links or attachments.
3. Be very cautious of Microsoft Office document that requests that you enable macros to view it.
4. Backing up your files is one of the best ways to ensure business or personal continuity. This will help prevent any catastrophic type events where all your data is permanently lost. The backup data should be “air gapped” or stored off line so that an attacker cannot locate it on your network and can’t be accessed by ransomware.
5. Using “Cloud Services” for storage to secure your data. They usually have built in industrial grade security and routinely back up data as part of their service.

kathy-leodler-headshot-for-sidebarKathy Leodler
Chief Executive Officer
Email:kathy.l@rampartgroup.com
Phone: (360) 981-2703
PI License #3555
paul-leodler-headshot-for-sidebarPaul Leodler
Executive Vice President
Email:paul.l@rampartgroup.com
Phone: (360) 981-3397
PI License #4180

We at Rampart Group are committed to your security. Call 1-800 421-0614 or contact us today with your security or investigative needs.