I am writing to alert you that cyber criminals have been spreading a “ransomware” called WannaCry, also known as WanaCrypt0r 2.0, WannaCry and WCry etc. The attack appears to have affected a number of organisations in several countries. Ransomware, which demands payment after launching a cyber attack, has become a rising trend among hackers.
Ransomware is a type of malware that prevents or limits users from accessing their system. Once your computer has been infected, it locks up the files and encrypts them in a way that you cannot access them anymore. It then demands payment in bitcoin in order to regain access. As shown in the below screenshot:
This particular ransomware exploits a Microsoft SMB protocol vulnerability to spread. The most common ways of installing the virus are through compromised emails and websites.
For example, hackers could send an employee a phishing email that looks like it comes from their boss asking them to open a link. But it actually links to a malicious website that surreptitiously downloads the virus onto their computer.
Downloading a bad program or app, and visiting a website that is displaying malicious adverts can also result in an infected device.
The best way to protect yourself is to be suspicious of unsolicited emails and always type out web addresses yourself rather than clicking on links. Another key defence is antivirus programs that can scan files before they are downloaded, block secret installations and look for malware that may already be on a computer.
Without good backup copies of their electronic files, victims of ransomware are stuck paying the ransom or trying to reconstruct their files from other sources.
To avoid falling victim to ransomware or phishing attack I urge you to follow the below recommended security practices:
- All of you should be vigilant in relation to email and not open any links or downloading attachments in emails from unfamiliar or possibly suspicious sources
- not opening attachments included in unsolicited or suspicious emails.
- not clicking on links in unsolicited or suspicious emails and social media posts.
Never use links in an email to connect to a website unless you are absolutely sure they are authentic. Instead, open a new browser window and type the URL directly into the address bar. Verify a Site’s Security – If you get a message stating a certain website may contain malicious files, do not open the website.
What to do if you’re a victim of WannaCry – should you pay the ransom?
Victims are advised to never pay the ransom as it encourages the attackers. Even if victims do pay there is also no guarantee that all files will be returned to them in tact.
Instead, the best thing to do is restore all files from a back up. If this isn’t possible, there are some tools that can decrypt and recover some information.