Untitled design (4)_copy  Untitled design (5)_copy1  Untitled design (6)_copy
WELCOME! Representing the tri-region in the heart of Alberta; Spruce Grove, Stony Plain and Parkland County, the Spruce Grove Chamber of Commerce is the voice of business in the region.

WannaCry Cryptoware Virus

  • Share:
May 29, 2017
WannaCry Cryptoware Virus
Latest Cryptoware virus uses familiar methods to attack computers globally
 
As you may have likely heard, May 12th 2017 marked the beginning of an IT Security incident that is unprecedented, when compared to other Security threats in recent memory. As of writing about this threat, it is reported to have impacted over 200,000 computers across more than 150 countries. This threat has impacted organizations large and small, with some examples being: Britain’s National Health Service (NHS), FEDEX and Telefonica to name a few.

You have to admit it - the name is catchy.  WannaCry; it aptly describes how you feel when you see the message flash on your screen about the attack. Of course, this is just the latest rendition of a malware type that many are familiar with - cryptoware that infects your computer by encrypting your files and asking that a ransom be paid to unlock them.  In this case, the ransom demand is somewhat modest - about $300 to $700 USD.

Technical details aside, it's activated by someone opening an email attachment - or clicking on a compromised web link - on an unprotected computer. In this case, the computer is unprotected because the latest Microsoft updates were not applied. WannaCry attacked new and old computers - going back as far as Windows XP and Windows Server 2003. The security loophole that WannaCry uses to spread itself across a network was actually patched by Microsoft via a security update in March, 2017. However, despite this update, users using older operating systems such as Windows XP are vulnerable to this exploit, as Microsoft discontinued Security updates for Windows XP in 2014. Computers running modern operating systems, such as Windows 7, 8.1 and even Windows 10, are also vulnerable, if the March Security update from Microsoft was not installed. 

What is new to this virus, is its’ worm capabilities; that is its’ ability to seek out other computers on the network and infect them without any interaction from the user. Now it's easy to see how hundreds of thousands of computers got infected.  A large part of the British Health System’s computers still use the Windows XP operating system and thus their systems were compromised en masse. It was a hacker's perfect storm of circumstances and events.

While WannaCry itself has since been neutralized at its’ source (due to lazy development by creators), there are updated versions that are reported to be in the wild, and that are based on the same Technology. It's still too early to know if traditional Anti-Virus (AV) software or firewalls can trap these types of threats, as the leading manufacturers of AV software and firewalls are split in their claims of offering protection.  The Microsoft Security update from March 2017 is still applicable and provides protection against the spread of this threat; in fact Microsoft have since released a patch for Windows XP that can be applied for users still using the 15+ year old operating system.


The first order of business: What to do to protect yourself:
  • Don't open Emails - or click on links or attachments - when you don't trust the source.  Never, no exceptions!
  • Change your Email format to be Text ONLY.  This exposes links which hide in Emails that often appear legitimate. This can also be done for Emails that you receive.
  • Make sure your computer has all of the latest Microsoft updates applied.
  • Make sure your computer has the latest updates from your AV vendor.
  • If you use a computer that runs Windows XP (or older O/S), replace it.
  • Insure your backups are sound.  They need to be verified and tested.

On the 3rd point, many people rely on Microsoft to automatically update Windows with critical updates using their auto-update service. However, a recent scan of one corporate network revealed that only about ½ of their computers were updating correctly.  In the other ½, the service had been turned off, or it was frozen.  Thus, auto-updates may not be sufficient to ensure that your computers are protected.

Experts world-wide are expecting variations of WannaCry to show up in the coming weeks and months.  The problem is not going away. It will get worse; the potential profits are just too tempting.

Finally, there is an element of intrigue worthy of the best spy thriller.  It appears that the root source of some virus code was the NSA (The US National Security Agency). Speculation is that it's part of their nasty toolkit.  I'll let the Conspiracy Theorists run amok with that thread.

In the meantime, if you have any doubts about the state of your computers, servers or networks, please feel free to contact us for more information.

Thanks,

Dave White, President
TRINUS Technologies
dwhite@trinustech.com