Skip Ribbon Commands
Skip to main content

WannaCry Cyber Attack – Protect Your Data

15/05/2017


​​It wasn’t Friday the 13th, but for organizations across the world held ransom to cyber criminals, last Friday May 12, 2017 felt like it.

On that day, organizations around the world began fending off attacks from a ransomware strain variously known as WannaCrypt, WanaDecrypt and WannaCry. To date, the malware has spread to 150 countries and through more than 200,000 organizations - and expert warn there’s more to come, with new strains emerging.

What is the Threat

Ransomware encrypts a victim’s data, from documents and images to music and other files, unless the victim pays for a key to unlock them. Victims without access to good backup systems have two choices: kiss the data goodbye or pay the ransom.

This particular malware includes an encryption package that locks up the machine’s files, and demands payment of US$300-US$600-worth of the virtual currency Bitcoin for a key to unlock them. The cyber criminals threaten to delete the data if not paid within seven days.

Who’s at Risk?

Organizations or individuals who are running older and newer Microsoft Windows systems and have not applied a March 2017 patch are vulnerable. The ransomware spreads with the help of a file-sharing vulnerability and can infect an entire network.

Microsoft issued a patch to fix this flaw in March 2017, but it was unavailable to older versions of Windows, such as Windows XP and Windows Server 2003, leaving many organizations and individuals open to hacking. The software giant has since made the patch available to older systems (see below for links).

How Do You Know if You’ve Been Infected?

One sign is not being able to access your systems, files and data base. However, in most cases a red pop-up appears on your computer screen. The red screen is the “ransom note” that demands payment to get back access to your data.

This is what the pop-up could look like:

WannaCry Pop-Up

How To Limit Your Exposure

  • Patch your systems with the latest information from Microsoft for this “Wanna” Ransomware - https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/ or http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598Please note, patience could be required as the Microsoft link initially crashed due to an overwhelming volume of queries.
  • Patch your systems for any other security vulnerabilities (hardware / software) as quickly as possible.
  • Backup your systems. Make sure you have offline backups. Test those backups to make sure they can be restored.
  • Avoid clicking on links or opening attachments or emails from people you don't know or companies you don't do business with.
  • Have an antivirus / antimalware solution installed and up-to-date.
  • Communicate to the team to let them know if anything suspicious is seen to shut down their systems, remove form the network and report immediately.

How Does It Work

The ransomware automatically scans for computers with the same defect it can infect whenever it loads itself onto a new machine. It spreads as a worm, scanning other computers on the same wireless network and leaping onto them. For example, if your laptop is infected and you went to a coffee shop and connected to the WiFi, it would spread to other PCs on the coffee shop.

Similarly, it can spread onto company networks.

What To Do If Infected

  • Remove any devices you suspect of having ransomware from the network immediately and shut that system down - be aware other systems may have also been infected.
  • Run tools as soon as possible to discover the extent of the problem.
  • If you have an emergency and need help, call MNP’s cyber security hotline at 1.866.370-8575 and select option 2.
  • If you are concerned, or not sure what to do, email MNP’s Security Operating Centre at soc@mnp.ca
  • Visit http://www.mnp.ca/en/technology-solutions/cyber-security

For more information, contact Danny Timmins, National Cyber Security Leader, at 905.607.9777 or danny.timmins@mnp.ca.