Blog / WannaCry Cryptoware Virus

You have to admit – the name is catchy.  WannaCry; it aptly describes how you feel when you see the message flash on your screen about the attack. Of course, this is just the latest rendition of a malware type that many are familiar with – cryptoware that infects your computer by encrypting your files and asking that a ransom be paid to unlock them.  In this case, the ransom demand is somewhat modest – about $300 to $700 USD.

Technical details aside, it’s activated by someone opening an attachment – or clicking on a web link – on an unprotected computer. In this case, the computer is unprotected because the latest Microsoft updates were not applied. This attacked new and old computers – going back as far as Windows XP. Microsoft released a security update in March, 2017 that closed the security hole – but as Microsoft no longer support Windows XP, a patch was not released for it.

What is new to this virus, is it’s worm capabilities; that is it’s ability to seek out other computers on the network and infect them without any interaction from the user. Now it’s easy to see how hundreds of thousands of (older) computers got infected.  A large part of the British health system computers still use the Windows XP operating system. It was a hacker’s perfect storm of circumstances and events.

It’s still too new to know if traditional Anti-Virus (AV) software or firewalls can trap this virus. The leading manufacturers of AV software and firewalls are split in their claims of offering protection.  Microsoft have since released a patch for Windows XP – and other older operating systems that might still be in use.

The first order of business: What to do to protect yourself.

  • Don’t open Emails – or click on links or attachments – when you don’t trust the source.  Never, no exceptions!
  • Change your Email format to be Text ONLY.  This exposes links that hide in Emails that often appear legitimate. This can also be done for Emails that you receive.
  • Make sure your computer has all of the latest Microsoft updates applied.
  • Make sure your computer has the latest updates from your AV vendor.
  • If you use a computer that runs Windows XP (or older O/S), get rid of it.
  • Insure your backups are sound.  They need to be verified and tested.

Related to the first point, we often get asked why we block ZIP attachments in our Email filter – removing the file before it reaches your systems.  The answer is simple.  ZIP files are compressed archives of files that are difficult to read by AV software.  Thus, it’s easy to hide viruses inside of ZIP files.  We’d rather eliminate the source of a potential problem rather than expose our clients to it.  There are several ways to safely send files to your colleagues – just ask your primary tech.

On the 3rd point, for our clients that have a managed Support Agreement with us, your servers are protected – as we apply Windows updates to them manually each month.  However, unless requested otherwise, we allow the workstations and laptops to automatically update themselves according to Microsoft’s schedule using their auto-update service.  This may not be sufficient to insure your computers are protected.

Experts world-wide are expecting variations of WannaCry to show up in the coming weeks and months.  The problem is not going away. It will get worse; the potential profits are just too tempting.

Finally, there is an element of intrigue worthy of the best spy thriller.  It appears the root source of some virus code was the NSA (The US National Security Agency). Speculation is that it’s part of their nasty toolkit.  I’ll let the conspiracy theorists run with that thread.

In the meantime, if you have any doubt about the state of your computers, servers or networks, please contact me or your Primary tech for more information.

Thanks
Dave White