13 May 2017
Security Advisory: Massive Global Ransomware Attack Underway
A global ransomware attack on machines running the Windows operating system. It is a viral infection, and can attack any vulnerable computer over a network. In order to protect yourself, please ensure to update your Windows operating system as soon as possible. Patch is available from Microsoft here.
The below quick fix maybe useful to prevent the spread of this infection while you look to upgrade your Windows to the latest / patched version.
As a Microsoft Cloud Solutions Provider, Extreme Web Technologies can help you with enterprise-grade security and control for your business with Windows 10 Enterprise E3 / E5. Please reach out to us via email for more information.
Cybersecurity firm Avast said it had identified more than 75,000 ransomware attacks in 99 countries, making it one of the broadest and most damaging cyberattacks in history.
Once one computer on a network is affected, the malware infection easily spreads to other Windows computers on the same network, shutting down entire government agencies and national infrastructure companies. Hospitals across the UK were being forced to divert patients and ambulance routes as of Friday afternoon, and several utility companies across Europe reported infection across their computer networks according to BBC News.
What Is Ransomware?
Ransomware is a kind of malicious script or software that installs itself on your computer without your knowledge. Once it’s installed and running, it will lock down your system and won’t allow you to access any files or programs on that computer. Usually, as in this current WannaCry exploit, it will alert you to the lockdown with an impossible-to-ignore pop-up screen which informs you that your computer is being held for ransom. To unlock your system and regain access to the computer being held hostage, the lock screen informs you that you must purchase an unlock tool or decryption key from the hacker.
Where Did This Threat Originate?
In this case, Microsoft has been aware of the vulnerability since March 2017, when it published a Security Bulletin covering the potential risk. According to the Spanish newspaper El Mundo, early indicators seem to point to the attack originating in China, but more information is needed.
How Can You Tell If Your Computer Is Infected?
The most obvious way to tell if your computer has been affected is if you are seeing a ransomware pop-up screen when you start up your computer. But because we don’t know how long the malware sits on your computer or network, not seeing this pop-up isn’t necessarily an indication that you haven’t been infected. The bottom line: if your Windows computer has connected to a shared network, such as those found in schools, public places, cafes and businesses, and you don’t have complete control over every computer on that network and haven’t been keeping Windows up-to-date, your computer may be infected.
How to Protect Yourself From the Vulnerability
According to Microsoft a fix for this vulnerability was released on March 14th for all affected versions of Windows. If you are running Windows and have automatic updates enabled you should be okay. If you don’t and haven’t updated recently you should update to the most recently released version immediately. It is important to note that unsupported versions of Windows, like XP, did not receive this security update. Those systems should either be isolated or shut down.
Please pass this along to your friends and family. Those that are less technical may not have updates auto-enabled, and may need a helping hand updating their operating system.
- AVAST: Ransomware that infected Telefonica and NHS hospitals is spreading aggressively, with over 50,000 attacks so far, today
- CNN: Massive cyberattack targeting 99 countries causes sweeping havoc
- BBC: Massive ransomware infection hits computers in 99 countries
- Forbes: An NSA Cyber Weapon Might Be Behind A Massive Global Ransomware Outbreak
- Wordfence: Massive Global Ransomware Attack Underway, Patch Available