You’ve no doubt heard of WannaCry, the devastating computer virus that’s been dominating international news for the last few days. Lots of our customers have been getting in touch with us recently with urgent questions about how they’ll be affected. Don’t panic though! This week on the blog we’ll take you through exactly what WannaCry is, and how you can protect yourself against it.
Also known as WanaCry or WCry, WannaCrypt, WanaCryptor, Wanna Decryptor, WanaCrypt0r 2.0, WannaCry is basically a particularly nasty breed of computer virus called ransomware. Ransomware works by blocking access to files and locking up infected computers, then demanding a payment from the owner in order to restore access.
In WannaCry’s case, it demands $300 (£230). This sum doubles if it’s not paid within three days, and then the virus threatens to delete the files forever.
WannaCry only affects Windows computers, as it works by exploiting a technical vulnerability in older Microsoft Windows operating systems. Where it’s different from run-of-the-mill ransomware, though, is that it’s also what’s called a ‘worm’ – instead of stopping at infecting a single machine, it actively looks for others to spread to.
This is one of the reasons why it’s been so devastating for large organisations, who typically have a lot of computers on the same network, making them an easy target. WannaCry is currently infecting organisations in over 150 countries, ranging from SMEs to multinational corporations to state-run institutions (like the NHS).
The vulnerability that WannaCry takes advantage of isn’t present in Windows 10 – Microsoft’s most recent operating system – so if you’re using Windows 10 you won’t be affected.
The operating systems most vulnerable are:
• Windows 8
• Windows XP
• Windows Server 2003
If you are using any of these, it’s best to either upgrade your software or patch your current operating system with Microsoft’s emergency update (which we’ll go into more detail on below).
However, the following systems aren’t vulnerable to WannaCry, as long as you’ve stayed up to date with your security updates!
• Windows 10
• Windows 8.1
• Windows 7
• Windows Vista
• Windows Server 2008
• Windows Server 2008 R2
• Windows Server 2012
• Windows Server 2012 R2
• Windows Server 2016
It all seems very scary so far, but there’s good news. As long as you’re not already infected, there are plenty of steps you can take to protect your company’s data and IT network. We’ve collected five of the most pressing ones for you.
1. Update Your System Urgently
As a general rule, Microsoft doesn’t release security patches for outdated operating systems. However, because of the scale of this attack, they’ve released emergency updates for all affected systems.
If you’re using Windows XP, Windows Server 2003 and Windows 8, you can protect yourself by downloading Microsoft’s critical security patch for your system. Users of outdated copies of Windows Vista, Windows 7 and Windows 8.1 can update their systems using the same link. Microsoft have also provided a handy guide on keeping your computer updated in future.
While we at Twentyone would recommend following these next steps regardless, the key takeaway is this: as long as your systems are properly updated, you shouldn’t have much to worry about.
2. Turn On Windows Update
This is a feature that quite a lot of Microsoft’s users have disabled, but we can’t stress its importance enough. Essentially it constantly checks for security patches to your system and downloads them automatically.
While this can be annoying if you were in the middle of something, it’s certainly better than a catastrophic data loss. After all – with Windows Update, Microsoft are doing all the heavy lifting for you!
3. Install A Dedicated Ransomware Blocker
There are plenty of available options from top cyber-security companies with a proven track record in stopping ransomware attacks. It’s always worth shopping around, and in light of these events maybe even worth spending a bit on one. If that idea doesn’t appeal, there are plenty of free versions available too.
4. Backup Your Files And Systems
This is another huge one. Hard drives are worth their weight in gold in the event of a system crash. If you’ve backed up your files and systems, it can turn a potentially massive loss into a minor inconvenience; all you have to do is restore from an earlier version. You may well still lose files but only the most recent ones, so it won’t be nearly as disastrous.
At the very least, the most important files should be copied regularly onto an external hard drive, which should be kept unplugged from the system when not in use. Otherwise, the same virus can potentially affect the hard drive too – rendering the whole thing pointless!
5. Be Wary Of Malicious Emails And Downloads
This was one of the main ways in which the ransomware spread, so a bit of caution with your emails will never go amiss. If you receive a file you’re not expecting, or if it sets even the faintest of alarm bells ringing, don’t open it.
Many automated spam emails will also try and disguise themselves as different senders, so always check the sender’s email address. So if you receive an email from “Sam at Microsoft” but his email address is something nonsensical like email@example.com , it’s definitely safe to ignore.
It is possible to remove WannaCry from your computer, though it’s not always a straightforward process. It first requires the download of a dedicated program to purge your computer of suspicious programs, and then an anti-malware program to guard your computer against future infections.
A number of leading IT-security websites offer detailed guides on how to do this, as well as recommendations on specific programs. It’s worth noting that sadly, the chances of getting your data back are still reasonably slim.
In most cases, you can also restore your system to an earlier version with System Restore. Windows System Restore automatically creates ‘restore points’ about once per week. You can then bring your computer back to the state it was at one of these ‘restore points’. You’ll still lose a bit of data, but you’ll have avoided the worst consequences.
Whatever happens, you should never pay the ransom. Every expert agrees on this point, since you’re basically only taking it on faith that your files will be restored, and they almost certainly won’t be. Fewer than 100 victims have paid up so far – don’t be one of them!
Don’t forget to follow us on Twitter: @twentyoneagency