Friday's unprecedented ransomware cyberattack WannaCry has hit as many as 200,000 victims in over 150 countries including UK, Russia, Ukraine, and Taiwan.
Ransomware is a programme that gets into your computer, either by clicking or downloading malicious files. It then holds your data as ransom. Fresh disruptions are expected in Australia and Asia as workers switch on computers at the start of the working week.
Elements of the malicious software used in Friday's attacks were leaked by hacking group the Shadow Brokers in 14 April 2017. This tool uses a vulnerability in all versions of Windows operating system. Microsoft were quick to fix the problem a month prior to its leak and released a freely downloadable security patch, however it appeared many high-profile targets had not updated their systems to stay secure.
WannaCry is a form of ransomware that targets Microsoft's Windows operating system and locks up files on your computer and encrypts them in a way that you cannot access the files again. . When a system is infected, a pop-up window appears with instructions on how to pay a ransom of AUD$300. The pop-up also features two countdown clocks; one showing a three-day deadline before the ransom amount doubles to AUD$600; another showing a deadline of when the target will lose the data forever. Payment for the ransom is accepted by Bitcoins only.
The WannaCry virus infects only machines running Windows operating systems. If you do not update Windows, and do not take care when opening and reading emails, then you could be at risk.
However, home users are generally believed to be at low risk to this particular strain of cyber-attack.
ShineWing Australia’s IT advisory team recommends companies, small businesses and home users take three simple steps to protect themselves:
Keep your organisation's security software patches up to date
Use proper antivirus software services
Most importantly for ransomware, back up the data that matters to you, because you can't be ‘held to ransom’ for data you hold somewhere else.
Inform the IT Department –They will have the latest copy of your files backed up.
Don’t pay the hackers ransom –As you will fund this industry and there is no guarantee that you will get access back to your files.
Restore your computer – As this attack started on Friday 12 May 2017, consider resetting your machine to 11 May image or last check point.
Disable Infected Windows Function Server Message Block 2 – A step by step guide on how to do this can be found at Microsoft Help Page
If you would like to find out more information on IT security or require any assistance, please contact our ShineWing Australia representatives below.
Partner, Assurance and IT Advisory Services
T +61 3 8635 1800
Senior Manager, Assurance and IT Advisory Services
T +61 3 8779 6517