Worldwide ransomware attack hits NHS hospitals
16 May 2017
Following the recent global cyberattack that has now spread across over 150 countries and seriously affected the NHS, Prodec Networks’, IT Security Solutions Manager, Danny Williams, has posted the following message:
This is not a drill, or a phishing test.
We suggest you send the following to your employees, friends and family:
It’s been hard to avoid the news this weekend, criminal hackers have released a new strain of ransomware that spreads itself automatically across all workstations in a network and has caused a global epidemic. If you or a co-worker are not paying attention and accidentally open one of these phishing email attachments, you might infect not only your own workstation, but immediately everyone else's computer too. Be very careful when you get an email with an attachment you did not ask for. If there is a .zip file in the attachment, STAY CLICKCLEVER; do not click on it but delete the whole email.
Remember: "When in doubt, throw it out!"
Unknown cyber criminals have been spreading "ransomware" called WannaCry, also known as WanaCrypt0r 2.0, WannaCry and WCry. The most common form of attack is delivered via emails which trick the recipient into opening attachments to release malware onto their system. This technique is what is known as phishing.
Once your computer has been affected, it locks up the files and encrypts them in a way that means you’re unable to access them anymore. It then demands payment in bitcoin in order for you to regain access. DO NOT PAY! Security experts warn there is no guarantee that access will be granted even after payment.
WannaCry exploits a vulnerability in Microsoft, which released a patch to fix it in March. However, it’s very easy to miss these updates and patches, meaning vulnerabilities can remain open a lot longer making it easier for hackers to get in.
If you have not done so already, harden yourselves against this Windows Network Share vulnerability and ensure that all systems are fully patched with the "MS17-010" security update (link below) and remind all staff to be CLICKCLEVER; Think Before They Click when they receive any out of the ordinary emails.
In the meantime, there Are Four Things To Watch Out For When It Comes To Detecting Wana
- Check for SMBv1 use
- Check for an increase in the rate of file renames on your network
- Check for any instances of the file @Please_Read_Me@.txt on your file shares
- Check for any instances of files with these extensions
If Your Network Has Been Infected, What To Do?
This ransomware strain cannot be decrypted with free tools. Research shows the encryption is done with RSA-2048 encryption. That means that decryption will be next to impossible, unless the coders have made a mistake has not been found yet.
Your best bet is to recover from backups, and if your backup failed or do not exist, try a program like Shadow Explorer to see if the ransomware did not properly delete your Shadow Volume Copies. If a user did not click Yes at the UAC prompt, then there is a chance those are still available to start the recovery.
This is a bad one. Let's stay safe out there.
Prodec Networks offers a full portfolio of security solutions designed to keep you and your business safe from the threat of ransomware. For more information, please do not to hesitate to get in touch or feel free check out www.clickclever.co.uk, to view insightful resources that have been created to help protect your business from cyberattacks.