If you’ve been paying attention you have heard about the ransomware attack that began last week which affected over 100,000 businesses and organizations in over 150 countries before Today. It is called the WannaCry Ransomware and it will encrypt files on a computer in infects and demand money via a bitcoin transfer with an offer to unlock the files. It is also suspected to travel across a network to infect other machines on that network.
What to know to avoid it:
- Never open an email that you do not know the source of. If you are even suspicious about an incoming email, especially if it contains an attachment of any kind, do not open it.
- For computers within a network, disabling Server Message Block version 1 has been recommended.
- Ensure that your software is up to date. The latest viruses and exploits once they have been found are usually patched in new updates that are then offered to the users. This particular virus exploited a vulnerability in the Windows operating system. But others can use various common programs to take over a machine.
- Have a back up of your files, either on the cloud or in an offline drive, so that should you lose files or even a whole machine to a virus you can easily get your files back.
How to tell if you have it already:
The attack holds users hostage by freezing their computers, popping up a red screen with the words, “Oops, your files have been encrypted!” and demanding money in the form of an online bitcoin payment — $300 at first, possibly rising to $600 before it destroys files.
What to do if you have it:
- Decryption of files from this ransomware attack isn’t yet possible. Files on a desktop, in My Documents, or on a removable drive will be difficult if not impossible to recover.
- There’s no guarantee hackers will restore files, and those who have been successful in regaining files in past attacks have reported wait times that can be days or weeks.
- Europol said most currently victimized have not paid the ransom, and Symantec is among the security companies that advise against paying.
- Businesses and governments suspecting a cybesecurity incident in Canada are encouraged to report them to the RCMP’s cybercrime unit.
- If you are an individual with the the virus and you have a back up of your files, you are advised to wipe your machine and restore your backup.
Story from the CBC
Image from securelist.com