WannaCry Ransomware Hits Computers – What Now?
What many security experts have long warned became a reality last Friday: over 220,000 computers were infected by a new strain of ransomware. The infection affected several British hospitals, French car maker Renault and the German state-owned railroad operator Deutsche Bahn. Although a kill switch has stopped the spread of this version of ransomware, the fix is only temporary. The WannaCry ransomware virus, once activated, encrypts files, drives and entire networks. After the computer is infected, a message is displayed on the screen telling the user that the computer and its data are locked and can only be unlocked by paying a ransom in the form of the crypto currency Bitcoin.
The virus was able to spread so quickly because the blackmailers used a zero-day gap in the Windows operating system. This is a security vulnerability in all OS versions since Windows XP for which Microsoft released an important security bulletin and important patches in March with security update MS17-010, which can be found here: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx.
All users, whether companies or individuals, are advised to install the appropriate patch for their respective Windows system as soon as possible.
If infected by ransomware…
Even with the best precautions and policies in place, it is possible to fall victim to a ransomware attack. In the event that your data is held hostage by ransomware, here is some advice to keep in mind:
- Remain calm. Rash decisions could cause further data loss. If you discover a ransomware infection and suddenly cut power to a server, versus powering it down properly, you could lose additional data.
- Check your most recent set of backups. If they are in-tact and up-to-date, the data recovery becomes easier to restore to a different system.
- Never pay the ransom; attackers may not unlock your data. There are many cases of ransomware victims paying a ransom and not receiving their data in return. Rather than running this risk, companies should work with data recovery experts who may be able to regain access to the data by reverse engineering the malware.
- Contact a specialist for advice and to explore recovery options. Experts can examine your scenario to see if they have a solution already in place or if they may be able to develop one in time.
To date, engineers at KrolLDiscovery have identified over 225 variations of ransomware that infect user devices, with more variations created every day. The team of engineers at KrolLDiscovery work around the clock to identify and find a solution for each type of ransomware.