May 15, 2017

As you’ll likely have noted from recent media coverage, on Friday 12th May a new type of ransomware (named variously WannaCrypt/WannaCry/WCry) began appearing on computers running Microsoft Windows worldwide – within a matter of hours this infection spread to tens of thousands of devices across nearly 100 countries, causing significant issues for the affected organisations (including the NHS in the UK).

Whilst Friday’s outbreak was subsequently halted through the actions of security professionals, new variants have already begun to appear which cannot be controlled in the same way and which extend the risk of damage to organisational data.

What is the risk?

Ransomware is not new – this malicious software (malware) is designed to strongly encrypt your most important files (by targeting particular file types), at high speed, rendering them inaccessible to you. Once the files have been encrypted the application will move on to making demands for an untraceable payment using Bitcoin (an online currency) in return for the promise of a decryptor for your own data.

In this instance the ransomware has been combined with a technique (details) which allows infections to travel from one machine to another – this means that the malware spreads quickly between connected machines, such as on a company network. It is this combination which has made the outbreak so widespread and the impact so visible.

A number of defences are available – Microsoft began protecting against this combination of vulnerabilities using a security patch which became freely available in March 2017 (details). This family of patches provides cover for all currently supported versions of Windows (Windows Vista/Server 2008 or newer), but Microsoft have taken the uncharacteristic step of also providing patches for Windows XP/Server 2003 as a service to their customers.

Further information on the outbreak, as well as suggestions from the UK National Cyber Security Centre, is available here:-

What can you do?

There are 3 courses of action that we strongly recommend, both within an organisation and for home/consumer users:

1)      Ensure that Windows Update has installed all recommended patches, or download and install the specific patch for your Windows version that closes the vulnerability the current outbreak takes advantage of (details here, see below)

2)      Ensure that your desktop/server antivirus product is up to date, and run a scan

3)      Ensure that you have a backup for your data which is not accessible/vulnerable to ransomware, or if you don’t have a backup take steps to make one as soon as possible

4)      Remain diligent when opening emails (and particularly attachments) from correspondents that you don’t recognise (fake or ‘phishing’ emails are a regular source of malware, part of a chain of events that can lead to ransomware arriving on your machine)

If your current IT support company are not performing these basic tasks and not supporting you in the correct way, do not hesitate to give us a call to discuss your situation; our office number is 01252 350 690.