I’ve been talking with some clients during the past several days that seem to think Wanna Cry is worse than anything Chicken Little could imagine. It isn’t. There really isn’t anything earth shattering or drastically special about Wanna Cry. Let’s take a quick look at Wanna Cry and think a bit about how you may be exposed.
First, what is Wanna Cry? Wanna Cry is ransomware — a bit of malware that encrypts your computer files and then asks for $300 US or so, to get them decrypted. Nothing new there. Ransomware has been around for years.
Second Wanna Cry is unable to spread to any PC with an updated Windows operating system that is version 7 or above. In the case of Wanna Cry, Microsoft pushed out an update in March of 2017 that stops Wanna Cry from spreading. If you have an XP machine, you can download the update from Microsoft.
Third, Symantec anti-virus was blocking the actions of Wanna Cry before Wanna Cry appeared on the scene. I would suspect that most of the other anti-virus manufacturers are also blocking Wanna Cry type actions.
So why are news reports describing Wanna Cry with such words as “terrifying”, “devastating”, “fear”, etc? Don’t get me wrong, I’m glad for the news coverage. Such coverage reminds us of the necessity for eternal vigilance. But I think that Wanna Cry became a news item because there was no other news to report at the time.
There’s certainly nothing terribly unique about Wanna Cry — it is ransomware and like many many other viruses it uses an exploit to infect computers. (“Exploits” are flaws in the operating system of a PC that a hacker uses to his advantage — such as encrypting your files.)
Exactly how Wanna Cry gets onto that first PC on your network has not yet been verified but by the time you read this it will almost certainly be found that the first PCs were infected via email. Once Wanna Cry is on your network spreads quickly to any vulnerable PCs on your network. Again, a fast spreading virus is not terribly unique.
Any network shares to which the infected PC has access are vulnerable and Wanna Cry will encrypt them. Again, this is not unique. Most all ransomware will encrypt your network shares.
I’m not saying you can ignore Wanna Cry and go about your business as though it did not exist. The point I’m making is that Wanna Cry can be resisted and treated like any serious malware.
So…to reduce your exposure to Wanna Cry (or any virus), stay up to date with a supported operating system for your servers and PCs. Insure that your computers’ operating systems are receiving and installing the manufacturer’s updates. Use paid anti-virus software (free anti-virus software rarely comes with automatic updates and without timely updates anti-virus software is worthless.) Filter out attacks at your firewall. Use a spam filter for your email. Don’t open email from strangers. Keep good (good = tested and disconnected from your network), backups of your important files.
If you are doing the above, you have basic and solid protection in place. Now do a check up on those systems to make sure they are working. If they are, then go back to managing your company. If you still can’t get any sleep at night, give us a call and we will take a look at your systems for you from an expert’s point of view.