Following the successful, large-scale ransomware attack and a very busy weekend for a lot of Managed Service Providers, we wanted to tell you and your organisations what actions you can take now, and in future, to help reduce your exposure to, and risk from, these types of cyberattacks.
What is WannaCrypt and what does it do?
This particular type of ransomware has many variants and names: WCry, WannaCry, WanaCrypt0r, WannaCrypt, or Wana Decrypt0r. It acts like a worm that propagates automatically, which makes it extremely dangerous. It encrypts files on affected computers, spreads to other computers via the local network(s), and demands that a Bitcoin ransom is paid within a certain time frame to decrypt the device, or it will remain locked forever.
How did this attack happen?
Whilst there is a lot of press coverage of how this attack has managed to propagate so quickly, the main belief is that the source of the attack was an infected email.
Is the attack over now?
Unfortunately, no. There are reports that the attack was stopped by a killswitch; this didn't stop WannaCrypt, it just slowed it down. Please be careful and aware, proceed with caution and ensure that your systems are up to date.
How can we reduce the risk of infection?
Make sure that your systems and their endpoints are up to date with Microsoft's MS17-010 patch, and that your antivirus and anti-malware software are also up to date.
Microsoft has released patches for Windows 2003 Server and Windows XP. Both of these products are out of extended support and so will need particular attention.
Whilst security software is certainly required to protect your organisation against such attacks, in isolation it is not enough to prevent or mitigate every type of attack. We therefore recommend that the following extra measures are taken and communicated to your staff, to help raise awareness of how they can avoid falling victim.
Web / Email Security Tips
Check that you have adequate web filtering software.
Ransomware can infect your network and/or computer via gaps in your security, for example through online advertising, 'pop-ups' or more traditional website ads. Ensure that you have web filtering software of sufficient quality, able to identify and block dangerous and malicious behaviour. If in doubt, act with caution and follow the advice and guidance of your web filter vendor.
Check that email you receive is from a trusted source.
Look at the “From” address. Untrusted emails will often attempt to impersonate or masquerade as a colleague's email address by subtly changing a character in the address, such as an “i” or an “l” in the wrong place. Be vigilant!
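The “From” address check above can also be automated, for instance at a mail gateway. The following Python is an added example, not part of the original advisory; the directory of known senders, the function names and the sample headers are constructed assumptions. It flags addresses that differ from a known colleague's address only by confusable characters (i/l/1, 0/o, rn/m) or by a single edit such as two swapped letters.

```python
from email.utils import parseaddr

# Constructed sample directory of known colleague addresses (assumption).
KNOWN_SENDERS = {"alice.miller@example.com", "william.hill@example.com"}

# Characters that are easily mistaken for one another in an address.
CONFUSABLES = str.maketrans({"i": "l", "1": "l", "0": "o"})


def skeleton(address):
    """Collapse visually confusable characters to one representative form."""
    return address.lower().replace("rn", "m").translate(CONFUSABLES)


def edit_distance(a, b):
    """Edits (insert, delete, substitute, adjacent swap) needed to turn a into b."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                          d[i - 1][j - 1] + (a[i - 1] != b[j - 1]))
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify_sender(from_header):
    """Return (verdict, matched known address) for a raw From header value."""
    address = parseaddr(from_header)[1].lower()
    if "@" not in address:
        return ("invalid", None)
    if address in KNOWN_SENDERS:
        return ("trusted", address)
    for known in sorted(KNOWN_SENDERS):
        if skeleton(address) == skeleton(known) or edit_distance(address, known) <= 1:
            return ("lookalike", known)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed From headers, not taken from any real message.
    for header in ["Alice Miller <alice.miller@example.com>",
                   "Alice Miller <alice.mi1ler@example.com>",
                   "William Hill <william.hlil@example.com>",
                   "Newsletter <news@unrelated.example.org>"]:
        print(header, "->", classify_sender(header))
```

A "lookalike" verdict is a prompt to quarantine or review the message; an "unknown" verdict only means the sender is not in the directory.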
Check the email's subject and content.
The subject may appear to be genuine, but be careful: the content may not be. Look out for bad spelling, bad grammar, odd hyperlinks and things that are out of place.
Ask yourself: is this email relevant to my position and job?
Is the email something that you would not normally receive as part of your job?
Is the email solicited or not?
Sometimes attacks will be related to email requests that you have made. Check that you did indeed solicit a response from the “From” address in the first instance. Did you request the information in the first place? If not, delete the mail. Also beware of emails that begin as replies ('RE:') but are not actually in response to anything.
Be mindful of Attachments!
Viruses will often include a malicious file attachment as part of a phishing email. The email should be deleted immediately, and you should not open the attachment.
Check that the “From” address is legitimate, that you have a legitimate email trail, that you have requested the attachment, and that the file type of the attachment matches your request. A mismatch would be, for example, that you asked for an Excel spreadsheet and have received a PDF file.
Links in the email.
Emails may contain website links asking you to click on them to find out more. Usually, by hovering over the link you will see the destination. You can also copy the link and paste it into a text editor to read and review it.
In short, replace unsupported operating systems, make sure that you have a robust patching process to continually stay up to date and provide adequate training to staff on web and email security.