Major news outlets announced that a sleeper malware named WannaCry hit yesterday morning in 99 countries, including China and Russia.  Do you have threats lurking on your laptop, desktop, servers, and/or mobile devices?

According to the BBC, WannaCry’s massive cyber-attack is based on tools believed to have been stolen from the US National Security Agency (NSA).  Cyber-security firm Avast said it had already seen 75,000 cases of the ransomware.

Apparently the malware leveraged a Microsoft Windows operating system vulnerability that was patched in the March timeframe.  Who is updating the software and security patches on your technology?  Without the update, your systems and networks are at risk.

WannaCry and its variants leverage that exposure to enter networks and begin encrypting files, which are then held for ransom for payments between $350 and $500.

News.com.au reported that a 22-year-old researcher identified a flaw in the malware’s code and slowed its progress substantially by buying a domain name and redirecting the virus back to its source.

As of this morning, we have not received reports or seen any indications of this variant of ransomware in our Client environments.  We are constantly updating the software and security patches throughout our Client systems to make certain our managed services Clients’ systems are fully protected based on industry best practices.

Here are some security steps you can assess at your company.  Contact us if you identify any potential gaps, have questions, or would like a free network security assessment to confirm your sensitive data and technology operations meet industry standard protocols:

  • User-Training:  First and foremost, you have to train and retrain all employees on the risks associated with opening files and clicking unknown links, as most malware is initiated by user action.  A starting point is to have your people review this brief article from Cisco, discuss it, develop a training regimen, and hold people accountable for good decisions.
  • Windows Updates:  Do not assume your systems are automatically updating with feature and security updates.  Many critical updates require manual initiation by users, or the people managing the systems.  NRTC combines automated updates with manual oversight to confirm your systems have the most recent updates and security patches from all covered software and operating system vendors.

The patch to block the WannaCry ransomware has been on our Clients’ systems since March when it became available.  Are you absolutely certain ALL of your systems and networks are fully secure?

  • Backup:  The best defense against ransomware is automated backups of all of your systems.  Daily is best.  NRTC’s managed services Client systems are not only backed up, but our sophisticated solution also constantly monitors the quality of the data backed up, so when there are issues there is remediation and testing within one business day.  We also regularly test backups to confirm data is restored accurately and quickly.  When is the last time you tested data on your backup system?
  • Antivirus/malware:  NRTC manages industry best-in-class anti-virus/malware solutions on all supported Client systems, including servers, workstations and laptops.  It automatically updates as new malware is introduced daily.  Are you certain your anti-virus/malware software is comprehensive enough to stop WannaCry and other new attacks?
  • OpenDNS:  Many NRTC Clients utilize OpenDNS, also known as “Cisco Umbrella,” on their workstations, laptops and servers.  OpenDNS has proven to effectively block many variants of ransomware, including WannaCry.  Contact us if you would like to consider the pros and cons of OpenDNS.

It may sound obvious, but your people may have ransomware on their system if they cannot open files.  CNN quotes Mikko Hypponen, chief research officer at cybersecurity company F-Secure in Helsinki, Finland, as calling this “the biggest ransomware outbreak in history…”  And many experts say the impact of WannaCry is just beginning.

If you see any evidence of ransomware or other suspicious activity in your technology environment, contact us immediately via email or call (410) 925-0303 to schedule time with Marc Wishnow, one of our senior consultants.  He will help you avoid damage and work delays due to ransomware and other I.T. security threats.