On 12th May 2017, there was a global wide-spread infections of a ransomware known as "WannaCry" aka. WanaCrypt0r. This ransomware has the capability to spread over the network by scanning for vulnerable systems, and infecting them. It then encrypts files on the system, and exhorts a ransom payment in bitcoin for the decryption of files. Since the initial news of the infections, Singapore has seen a number of victims struck by the ransomware. Why is “Wannacry” dangerous
What makes Wannacry dangerous is that the attackers are leveraging a Windows exploit developed by NSA called EternalBlue, and reportedly leaked and dumped by the Shadow Brokers hacking group over a month ago. Since then, it has spread rapidly across the world affecting thousands of systems in over 100 countries. The exploit has the capability to penetrate into machines running unpatched version of Windows through 2008 R2 by exploiting flaws in Microsoft Windows SMB Server. Once a single computer in your organization is hit by the WannaCry ransomware, the worm looks for other vulnerable computers within it your network and infects them as well. Recommendations
Prevention is always better than seeking for a cure. For the “Wannacry” ransomware, this principle is strongly recommended. For this Ransomware, Microsoft has released a patch for the vulnerability in March (MS17-010). Do this now if you have not done so. Like all other ransomware infection, you should always be suspicious of uninvited documents send through email. Do not click on links inside these documents unless you have verified the source. Always make backup of your important files and documents, this will save you when you have to restore your files and documents when needed. Do ensure that you run an active anti-virus security suite of tools on your system, and most importantly, always browse the Internet safely. What if I’m infected?
What if it is too late and my system is infected with “WannaCry”? What should I do? Firstly, don’t panic. There are no known way to recover files encrypted by “WannaCry”, but you should follow these steps:
Remove the Network connection from your Computer. This could be done by removing your network cable or shutting down the wireless function on your computer. By doing so you are preventing the spread of this ransomware.
Start rebuilding your effected computer, be it laptop or workstation. (if you need help, you can contact us at 91054718 / 8522 9714)
After you have rebuilt the infected workstation, patched it with the recommended patch and restore your system from the backup you have made.
How to protect your data from such ransomware and security threats?
Contact our security consultants to conduct a free onsite evaluation on your office computer and servers. We will evaluate your security level and advise you what to do next. Please remember, backup and
security solutions are always affordable than recovery solutions! So why wait for it to happen? Act now! contact us at 9105 4718 / 6659 0829 / 8522 9714. Alternatively you can email us at saju@innoq.com.sg or ramon@innoq.com.sg.