Experts have previously warned about the threat of ransomware attacks on businesses, but last Friday it became a reality; over 220,000 computers were infected by a new, previously unknown ransomware virus. Many NHS hospitals, the French car maker Renault and the German state-owned railroad operator Deutsche Bahn have already been infected and it is expected that other companies will be victims of the attack too. Once activated, the ransomware (called ‘WannaCry’ or ‘WannaCrypt’) encrypts files, drives, and entire networks. Once a system has been infected, a screen will show that the computer and the data are locked and can only be unlocked by paying a ransom in the form of the crypto currency Bitcoin.
This type of malware was only able to spread so quickly because the cyber criminals had used a zero-day gap in the Windows operating system. Microsoft had already released an important security bulletin and important patches of this vulnerability in March with security update MS17-010. You can find the full details here:
Even though Microsoft discontinued support for Windows XP, Windows 8 and Windows Server 2003, in light of this huge ransomware attack the released new patches to fix the security gap on systems still running these two OS versions, even if you’re not on a custom support plan. Check out this link for the full article from Microsoft explaining what to do next:
Microsoft note that users who are running supported Microsoft OS versions should have received update MS17-010 back in March; if you installed this update (or you have automatic updates turned on) then there should be nothing to worry about. If you have not already done so, it is strongly advised to install the appropriate patch for your respective Windows OS as soon as possible.
Even with the best precautions and policies in place, you may still suffer from a ransomware attack. In the event your data is held hostage by ransomware, here’s some advice to bear in mind:
- Remain calm. Rash decisions could cause further data loss. For example, if you discover a ransomware infection and suddenly cut power to a server (versus powering it down properly) you could lose more data in the process.
- Check your most-recent set of backups. If they are intact and up-to-date, the data recovery becomes easier to restore them to a different system.
- Seek help from a specialist and never pay the ransom. There have been many cases of ransomware victims paying the ransom demanded and not receiving their data back in return. Rather than running this risk, companies should work with data recovery experts who may be able to regain access to data by reverse engineering the malware.
Engineers at Kroll Ontrack have so far identified over 225 variations of ransomware infecting user devices, however there are more being created every day, plus others that may not have been reported already.
Safeguarding your data
With this particular ransomware strain hitting the headlines and large organisations, now is a good time to prepare your systems against potential cyber-attacks. Here’s some of the preventative measures you can take to safeguard your data:
- Create and follow a backup and recovery plan. Ensure that a plan includes storing backups offsite.
- Be prepared by testing backups regularly. Organisations and individuals must be familiar with what is stored in backup archives and ensure the most critical data is accessible should ransomware target backups.
- Implement security policies. Use the latest anti-virus and anti-malware software and monitor consistently to prevent infection. Always keep your systems up-to-date and apply the latest security patches.
- Develop IT policies that limit infections on other network resources. Companies should put safeguards in place, so if one device becomes infected with ransomware, it does not permeate throughout the network.
- Conduct user training, so all employees can spot a potential attack. Make sure employees are aware of best practices to avoid accidentally downloading ransomware through malicious files, or opening up the network to outsiders.
By following this advice you should be better prepared against ransomware attacks, including any resurgence of the WannaCry malware that is currently circulating.
Have you or your business been affected by WannaCry or another form of ransomware? Get in touch with us by tweeting @DrDataRecovery
Michael Nuncic is Marketing Communications Manager at the German Ontrack Data Recovery office in Böblingen for more than 5 years. Highly experienced in computer, network and software topics, he is a professional editor for blog and technical articles for almost 20 years now.