A massive cyberattack has been spreading since Friday, hitting hundreds of thousands of computers and crippling major government and corporate operations. The malware is known as “WannaCry,” and there will likely be many more variants on their way.
This attack is still active, but primarily outside North America at the current time. There were widespread reports on Saturday that a security researcher had discovered a “kill switch” that stopped the ransomware from spreading. The kill switch certainly slowed WannaCry down, but it only limited some of the ways this malware could spread. We are anticipating a new wave of infections as early as today.
What does WannaCry do?
WannaCry is ransomware, a growing category of extremely heinous malware. Once it is activated on a machine, it encrypts the files on that machine so they are inaccessible. Then it instructs the owner to pay a ransom to have their files unlocked.
How should you protect yourself?
Keeping systems patched and up to date is critical to thwart these threats. Workstations running older versions of Windows (XP and 8, specifically) should be upgraded, while newer workstations should have the Windows updates applied regularly.
Educating users against phishing techniques
Educating users is the best form of protection. All it takes is one user to open an infected attachment for ransomware to end up on your systems. This might be in the form of an email with a very seemingly relevant subject, spoofed from a company email address, or something equally as unexpected, yet realistic. Users should remain extremely careful about opening any email attachments, or following links in emails from known or strange sources. Users must be aware of this risk and avoid opening up unexpected email attachments. Action of users is the first line of defense.
If you believe you may be infected or have something suspicious to report, please contact us immediately.