WannaCry (or WannaCrypt) ransomware hit several countries in Europe and Russia hard last week. The US was not hit as hard, though some companies in the US, like FedEx, did report some disruption to their networks.
The ransomware is based on an NSA exploit that was released to the public. Microsoft released a patch for the exploit shortly after the leak.
Although ransomware is not new, it has not been this widespread before. Infections were usually limited: you would hear about some people, a hospital, or a police agency being infected and paying the ransom to get access to their files again, not entire portions of the world.
The first wave was partly stalled when a security researcher found that the ransomware was trying to reach out to a web address that was not active. He registered the name, and that turned out to act like a “kill switch,” stopping the infection from spreading as badly.
Unfortunately, the authors were able to easily remove that kill switch and start a second wave that is currently spreading.
Many fear Monday will bring a third wave of infections as people go back to work and start reading their emails, and this one will affect the US much more.
What to do to protect yourself
Protecting yourself or your company is surprisingly straightforward, and the same steps protect you from most infections.
- Update your operating system. Have Windows Update turned on and set to install automatically. (Microsoft patched this issue weeks ago.)
- Update any anti-virus or malware software you run. After a short time AV companies push out ways to detect these big infections.
- Don’t download attachments or click on links in email unless you know exactly what they are.
- Back up your systems. If you have a good backup, it won’t matter if your files get encrypted; you can just replace them.
- If you are a business, implement good firewall systems and other network security rules.
If it is so easy to keep from being infected, why is it such a problem?
Unfortunately, although easy, many people and companies do not follow these procedures.
- Many company IT departments are not provided with the necessary support (money $).
- Some businesses don’t implement firewalls and other security measures because doing so would make their day-to-day work much harder or even, as with hospitals, dangerous to customers.
- Some companies believe it is cheaper to pay the ransom than to put the time, effort, and money into restoring backups or investing in the various infrastructure needed.
- Many of the infected computers were running Windows XP or 2000, which have not been supported for years now. Microsoft did put out a patch for these systems since it is such a big problem!