The WannaCry Ransomware Attack has been sweeping the globe in over 150 countries, and it doesn’t show any signs of slowing down. What might be most concerning is that there is currently no way to stop WannaCry once your computer has been infected. As with anything, we recognize the first step to handling a situation is learning vital information on the subject.
We sat down with SNS Partner, Glen Dobranski, to discuss everything you need to know about WannaCry, and what you need to do to protect your business.
What exactly is WannaCry?
WannaCry is a variation of Cryptolocker, which encrypts the files on your computer so you can no longer use them, then holds them ransom. These files can only be accessed through a password that you pay for. The idea of ransomware is nothing new and has been around for years. This one is different because it exploits vulnerabilities in old software that hasn’t been patched.
How do you get it?
WannaCry is shared through malicious emails, links, and downloads. The best way to prevent it is by avoiding clicking any unknown links, opening suspicious attachments, or downloading anything you aren’t sure of. It’s important to note that once WannaCry gets onto one computer on a network, it can spread rapidly through file sharing to other computers on that network. Moving a device from one network to another (like taking your work laptop home) can expose that network as well.
Who is most at risk?
Computers running older versions of Microsoft Windows. An operating system such as Windows XP hasn’t been supported in a number of years. When you rely on these outdated operating systems, it’s just a matter of time before they are exposed. Keeping up to date with software updates and security patches is a matter of function vs. familiarity. People sometimes view updating software as a hassle. It’s important to remember that these updates help to ensure your system is secure.
What Should You Do if You Get it?
The most important thing is prevention and preparedness. Once your computer is infected with WannaCry, your files become encrypted and there is no way to remove the virus. The hackers will proceed to demand a sum of money to be transferred via bitcoin, an untraceable digital currency, before potentially releasing your files. Because of this, education and preparedness are key.
SNS VP of Technology, Jonathan Mack discusses WannaCry with CTV Edmonton
How do you prevent this from occurring?
Backups, backups, backups. Seriously, backing up your files is the most important way to safeguard against WannaCry and other ransomware. Make sure your backup is stored in a secondary location. A little rule of thumb in the industry is the 3-2-1 Backup Rule: have at least 3 backups, on 2 different media types, with at least 1 of these being off site. Also, it’s important to test your backups. Just because you think you’re backing up your files doesn’t mean the backups are always working. At home, it’s as simple as taking your external hard drive, opening it on a different device and clicking through a couple of folders to see if the files are actually there and backed up. From a business perspective, having an off site company (like SNS) that has the expertise and infrastructure to back up, maintain and check those backups on a regular basis will help ensure that if ransomware harms your network, you are prepared and can restore.
This is particularly important in a business setting where networks can be quite vast and large, proprietary information and data is present, and computing is vital to business (transaction history, mechanics, etc). Being proactive with patches, software upgrades and healthy backups is key to making sure you’re protected and prepared.
When taking a proactive approach to virus protection, think of it as an onion. The more layers of protection and prevention you have (regularly backing up, patching, updating, plus having a robust firewall, DNS protection and spam filters), the safer you are. Don’t rely on only one layer of protection.
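The backup spot check described above can be automated. The following Python sketch is an added example, not part of the original article or any SNS tooling: it compares a source folder with its backup copy by SHA-256 and lists files that are missing, empty or different. The function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def verify_backup(source_dir, backup_dir):
    """Check that every file under source_dir has an identical copy in backup_dir."""
    report = {"ok": [], "missing": [], "empty": [], "mismatch": []}
    for root, _dirs, files in os.walk(source_dir):
        for name in files:
            src = os.path.join(root, name)
            rel = os.path.relpath(src, source_dir)
            dst = os.path.join(backup_dir, rel)
            if not os.path.isfile(dst):
                status = "missing"      # never made it into the backup
            elif os.path.getsize(dst) == 0 and os.path.getsize(src) > 0:
                status = "empty"        # placeholder written, no data copied
            elif sha256_of(src) != sha256_of(dst):
                status = "mismatch"     # corrupted, or changed since the backup ran
            else:
                status = "ok"
            report[status].append(rel.replace(os.sep, "/"))
    return {status: sorted(paths) for status, paths in report.items()}

def demo():
    """Constructed sample: a small source tree and a deliberately flawed backup."""
    source = {"docs/invoice.txt": b"invoice 1001", "docs/ledger.csv": b"a,b\n1,2\n",
              "notes.txt": b"meeting notes", "photo.bin": b"\x00\x01\x02"}
    backup = {"docs/invoice.txt": b"invoice 1001", "docs/ledger.csv": b"a,b\n9,9\n",
              "photo.bin": b""}
    with tempfile.TemporaryDirectory() as tmp:
        for top, tree in (("source", source), ("backup", backup)):
            for rel, data in tree.items():
                path = os.path.join(tmp, top, *rel.split("/"))
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(data)
        return verify_backup(os.path.join(tmp, "source"), os.path.join(tmp, "backup"))

if __name__ == "__main__":
    print(demo())
```

Pointing `verify_backup` at a copy restored onto a different device, rather than at the backup drive itself, also exercises the restore path.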
What Should I Be Asking My IT Department?
- When was the last time we verified that our backups are working?
- Are we regularly downloading and installing patches?
- When were the last security updates installed?
- What servers and systems are being backed up? Is it image based? How often?
- Where are our backups? Onsite vs. offsite? Both?
- Do we have any other layers of protection? Unified threat management? Spam filters? DNS protection?
Contact us if you have any further questions; we’re happy to answer them.