Threat Advisory – Are Your Legal Documents Safe From Ransom.WannaCry?
On May 12, 2017, a new strain of ransomware called “WannaCry” began spreading, impacting a large number of organizations worldwide, including hospitals and police services, to name a few.
You never know when these attacks will happen or just how safe your legal documents truly are. Recently, in March, a small law firm in Rhode Island was the victim of a cyber attack and was locked out of its computers for months.
What is WannaCry?
Ransomware works by encrypting files on a computer and then asking for a ransom to have them decrypted. Your files become completely unusable until they are decrypted. WannaCry demands a ransom of $300 within 3 days (in Bitcoin only). If you don’t pay in that time, the ransom may be doubled. If you don’t pay within a week, WannaCry threatens to delete the files.
How is it Spread?
WannaCry is spread through the opening of a malicious email attachment in conjunction with a vulnerability in Microsoft Windows. Once the malware starts to run, it encrypts files on the local machine and starts to search out other machines on the network which it infects via a vulnerability in Windows File Sharing (SMB).
How Will I Know I am Infected?
You may receive a popup notification indicating that your computer has been infected which will look like the following:
If your computer has been infected, you will notice that your files cannot be opened and will have a .WNCRY extension appended to the filename. For example, if you have a document called “Sales.doc”, it will now be named “Sales.doc.WNCRY”.
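The file-name indicator described above can be checked across a whole folder tree rather than one file at a time. The following Python script is an added example, not part of the original advisory: it only reads file names, treats the extension as case-insensitive (an assumption), and its function names and sample folder tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

MARKER = ".wncry"  # extension named in this advisory; compared case-insensitively (assumption)

def find_encrypted(root):
    """Walk root read-only. Returns (hits, unreadable); hits holds (path, original_name)."""
    hits, unreadable = [], []

    def on_error(err):
        # Folders we cannot list are reported, not silently skipped.
        unreadable.append(err.filename)

    for folder, _dirs, files in os.walk(root, onerror=on_error):
        for name in files:
            # Require a real name in front of the extension, e.g. "Sales.doc.WNCRY".
            if name.lower().endswith(MARKER) and len(name) > len(MARKER):
                hits.append((os.path.join(folder, name), name[:-len(MARKER)]))
    return sorted(hits), sorted(unreadable)

def summarize(hits):
    """Count hits per folder so IT support can see which folders were reached."""
    return Counter(os.path.dirname(path) for path, _ in hits)

def build_sample_tree(root):
    """Constructed sample data: two renamed documents and one untouched file."""
    os.makedirs(os.path.join(root, "clients", "smith"))
    for rel in ("Sales.doc.WNCRY", "clients/smith/Will.pdf.wncry", "clients/notes.txt"):
        with open(os.path.join(root, *rel.split("/")), "w") as fh:
            fh.write("placeholder")

def demo():
    """Run the scan over the constructed tree and return portable results."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        hits, unreadable = find_encrypted(root)
        found = [(os.path.relpath(p, root).replace(os.sep, "/"), orig) for p, orig in hits]
        return found, sum(summarize(hits).values()), unreadable

if __name__ == "__main__":
    found, total, unreadable = demo()
    for path, original in found:
        print(f"{path}  (was: {original})")
    print(f"{total} file(s) carry the extension; {len(unreadable)} folder(s) unreadable")
```

To scan real data, call find_encrypted() on a folder path of your choosing and pass the results to IT support.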
1. Install Windows Update
Microsoft Security Bulletin MS17-010 (Released: March 2017)
Even if you don’t open any email attachments, you are at risk because someone else could end up infecting your network. Due to this, it is important that you have the Windows vulnerability patched on your computer and servers.
2. Be Careful Opening Emails
You should also be extremely suspicious of all e-mails you receive, particularly those that ask you to open attached documents or click on web links. If you do not know the source of the email, delete it. If you’re not expecting an email, even from someone you know, you should either contact the sender to confirm or just delete the email altogether. Do not forward your email to anyone unless someone from IT Support has instructed you to do so.
With the ongoing threats of cyber attacks, it’s important that your passwords are up to date and secure. Read our article highlighting “How to Create Memorable and Secure Passwords”.
3. Take These Additional Precautions
Do not connect to your office (VPN, Wi-Fi, or network cable) if you have a machine that is not always connected inside the office. If possible, do not connect to any network if not already connected.
When you start your computer, open Task Manager. If you have a lot of CPU usage from processes that have numbers or random characters for names, hard shutdown your computer. This means press and hold the power button until the computer is off. Do not select Shutdown from the Start Menu. Do not light-press the power button. Do not turn it back on before it is fixed by IT support.
Make sure your Anti-Virus software is fully up to date. Run a full system scan once it is confirmed up to date.
Make sure all Windows patches are up to date. You should run Windows Update until a full cycle shows no pending updates.
Run Malwarebytes, ensuring it’s up to date, that a full scan has been run, and that all threats have been cleared.
Back up your computer. Even for your personal computers, it’s a wise investment to get a large USB hard drive and do a full backup of your computer regularly. Leave the hard drive disconnected when you’re not doing the backups. (If your computer is hit with WannaCry, it will encrypt your backup drive if it is connected.)
Once you have completed the scans and backup, you can connect your computer again.
The following are a couple of video links explaining this latest cyber-attack and some steps that may help you to avoid getting infected:
https://twitter.com/CTV_PowerPlay/status/863147788518817792 (45 sec)
https://drive.google.com/file/d/0B2iqVxTUzwC2bUE5cjZxeXFheXM/view?usp=sharing (7 min)
Final Thoughts
It is expected that on Monday, many more machines will be turned on, and many more infections will occur. In addition, a second wave of attacks from an updated version of this malware is also expected, so it is very important to be vigilant in the face of this threat. If you see suspicious activity and believe your or your customers’ information may have been exposed, please contact support.