wannacry_ransomware-img

Background
12 May 2017 – A global wide-spread ransomware known as “WannaCry” aka. WanaCrypt0r infected more than 200,000 computers in 150 countries. The ransomware has the capability to spread over the network by scanning for vulnerable systems, and infecting them; encrypting files on the system, and exhorts a ransom payment in bitcoin for the decryption of files. The attack can be spreads by multiple methods, including phishing emails and on unpatched systems as a computer worm.

Why we need to be aware of “WannaCry”?
Once any single computer in the organisation is hit by the “WannaCry” ransomware, the worm looks for other vulnerable computers (computers without the latest Windows security updates) within the network and infects them.

How can we protect our computer system?
Always Maintain Backups
Ensure you make backup of important files and documents. Use cloud services to help mitigate ransomware infection.

Keeping Software Up-to-date
When new critical vulnerabilities are discovered, software vendors roll out new patches. Ransomware infection such as WannaCry can be avoided by ensuring your software and anti-virus are always up-to-date.

Avoid Links or Files from Unknown Source
Refrain from opening links or files received from unknown source, unless you have verified the source. This is especially if files contain executables or documents that require you to enable macros.

What to do if you are infected?
1) Remove network connection from your computer by removing your network cable or shutting down the wireless network on your computer. Removing the network connection helps to prevent further spread of the ransomware.

2) Rebuild your infected computer.

3) Patch your rebuilt computer with the recommended patch and restore your system through your backup – Microsoft has released a patch for the vulnerability since March this year (MS17-010).