Defending Against WannaCry

As you may have heard, this past Friday hundreds of thousands of computers worldwide became infected with a computer virus known as “WannaCry” (or “WannaCrypt”). This virus spread rapidly due to a vulnerability in Microsoft Windows that was patched in March of this year. This virus combined several smaller attacks together to create a devastating piece of malicious software (malware) that infects the target computer, modifies documents and other data to be unusable (through encryption), demands a ransom of $300 to restore files to their original form, and searches for other systems on the network to infect as well.

For most, using a personal computer on the Internet behind a firewall is not a risk in and of itself, as the virus is unlikely to infect standalone computers across the Internet without user interaction (i.e. manually downloading a malicious file). However, if you are on a network with other Windows computers (and have not installed the Microsoft patch to address the vulnerability) you are at risk of infection should another computer on your network become infected (through a manual download or other sources). We recommend everyone install the patch immediately (links below) and practice safe browsing and email usage (such as not downloading and opening files from unknown sources or that look suspicious).

Please note, just because you have installed the patch does not mean you are immune from infection; however, it does mean that without some manual interaction (such as opening a downloaded virus) you will be protected from being infected by another PC on your network. It can be thought of as the difference between being infected by an airborne pathogen versus accidentally drinking poison.

To be sure you are protected, please make sure you have installed the Microsoft patch to address the vulnerability in question (known as MS17-010). Patches for currently-supported Windows operating systems (and also Windows XP/Server 2003) can be found here: http://www.catalog.update.microsoft.com/Search.aspx?q=ms17-010. Please speak with your IT department before attempting to install anything on your own, as they may have other systems in place to handle patch management.

TJT Information Security Services offers several different assessments that can identify vulnerabilities and help organizations secure themselves against cyber threats. Penetration Testing, our most popular assessment, involves TJT hacking into your organization to identify vulnerabilities, assess the impact, and recommend remediations. This is the most realistic simulation of a real-world cyber-attack and can help find holes in your organization before the real criminals do. For more information on this or other security services, please contact Drew Green, Director of Security Services at Drew.Green@tjtpa.com, or visit our website at https://www.tjtsec.com.

Posted in: Blog

Leave a Comment (0) ↓