UPDATE - Monday May 15 6:30 AM
To Fairoaks Clients: The WannaCry ransomware spread wildly across Asia as businesses opened today. I expect the same in the US. Please be extremely cautious of any suspicious emails. This part is totally up to you, the user. Forward any suspicious emails to Support @ FairoaksIT.com.
We are doing our best to protect your network, but even an updated computer is at risk if the user clicks on a malicious email. Having an updated (patched) computer will not save your PC, but will greatly reduce the risk of the virus spreading across the network. Additionally, because of an ingenious design, it looks like this attack is evading anti-virus programs.
So, let me repeat, if you click a malicious link, your Windows computer will get infected – even if your computer is updated and has anti-virus.
(Here is a link to a cyber security company that is tracking the spread of WannaCry. You can watch new infections live, as they happen: https://intel.malwaretech.com/WannaCrypt.html)
===========================================================
Sunday May 14 9:00 PM
At the risk of sounding like chicken little, I expect Monday to be challenging for US businesses. The WannaCry ransomware attack, which started Friday, is spreading quickly and, per the European Union police agency, has already attacked an estimated 200,000 victims in 150 countries. Infected computers appear be mostly poorly managed, out-of-date devices. The attack is indiscriminate, hitting both large and small targets.
Just a reminder, on the infected PC’s, the bad guys are locking up the data and demanding a payment of around $300 for their release.
Although the rate of infection has slowed, I expect that to change as businesses open Monday across Asia then the US.
Why do I think this?
First, most infections will start with users falling for phishing emails. This will undoubtedly cause major data loss for individual users.
Second, if the phishing email gets opened on a network, any PC’s on the network that are not updated (patched) will be at risk.
So, let me repeat, even an updated computer is at risk if the user clicks on a malicious email. Then, the entire network is at risk.
Third, at this point, because of an ingenious design, it looks like this attack will evade most anti-virus programs.
What to do Monday morning?
The best advice for tomorrow morning is to be extremely cautious of any suspicious emails. This part is totally up to you, the user.
Next, if you don’t have a good, proven, tested backup of your data - do that ASAP. The FBI says the best protection against any ransomware attack is to have a good backup. Fairoaks Total Care clients have all server data backed up. BUT, if you’re keeping data on your PC (like My Documents) move them to the server (or to a thumb drive if they are personal files like photos).
Lastly, to help prevent this WannaCry ransomware from spreading, make sure all your PC’s and servers are updated (All Fairoaks Total Care and Core Maintenance clients already have this in place).
Longer Term (like Monday afternoon!)
if you don’t already have a good spam filtering service, get one. (All Fairoaks Total Care clients already have this in place).
What to expect next.
Well, like any good business model, these bad guys will learn the “market” and adjust their technology and economics.
On the technology front, there are already rumblings of version 2 being released as authorities have found some weaknesses in the current virus. And on the economic front, expect ransom costs to increase as the “demand” increases.
Finally
No one can guarantee complete data safety, but with proper training and technology, the risks can be greatly reduced.
Report any WannaCry infections to the FBI (Email: cywatch@ic.fbi.gov - Phone: 1-855-292-3937).
Remember, with any ransomware, the only guarantee you have in paying the ransom is (1.) it proves to the bad guys that you have money and (2.) it proves you value your data.
Tom Crossley
508-543-5540
