By now you have certainly heard about the weekend’s global ransomware attack. At YBS we are here to help any of our clients who have been attacked or want to protect themselves against the next wave of ransomware. Keep reading for tips on what to do if you’ve been attacked and how to prepare for the next wave of predicted ransomware attacks.
A computer malware called WannaCry that has spread across 150 countries appears to be slowing down, with few reports of fresh attacks in Asia and Europe on Monday.
The WannaCry ransomware started taking over users’ files on Friday, demanding $300 (£230) to restore access. Hundreds of thousands of computers have been affected so far. Computer giant Microsoft said the attack should serve as a wake-up call. BBC analysis of three accounts linked to the ransom demands suggests only about $38,000 (£29,400) had been paid by Monday morning. However, the ransomware warning said that the cost would double after three days, so the payments may increase. It threatens to delete files within seven days if no payment is made.
Here are some suggestions on what to do in case you have been attacked:
How to tell if you’re at risk from the WannaCry ransomware and what to do if you have been attacked
Originally posted on Tech Transformers on CNBC.com on May 15, 2014
What should I do to protect myself?
Authorities in the U.S. and U.K. have issued guidance on what to do.
Individuals and small businesses should:
- Run Windows Update to get the latest software updates.
- Make sure any anti-virus product is up to date and scan your computer for any malicious programs. It’s also worth setting up regular auto-scans.
- Back up important data on your computer in case it gets held for ransom.
Large organizations should:
- Apply the latest Microsoft security patches for this particular flaw.
- Back up key data.
- Ensure all outgoing and incoming emails are scanned for malicious attachments.
- Ensure anti-virus programs are up to date and conducting regular scans.
- Educate employees on identifying scams, malicious links and emails that may contain viruses.
- Make sure to run “penetration tests” against your network’s security, no less than once a year, according to the Department of Homeland Security.
What if I’ve already been attacked?
- Do not pay the ransom demanded by the WannaCry ransomware, cybersecurity firm Check Point warned in a blog post Sunday. The company said there is no evidence of the hackers giving people files back.
- For individuals, it might be worth contacting local IT support services.
- Businesses should contact law enforcement and provide as much information as possible.
- Restore backups of data.
How can I prevent ransomware attacks?
There are also steps that can be taken to protect against ransomware more generally. These include:
- Making sure anti-virus programs are up to date and updating all software.
- Back up copies of data.
- Scrutinize links and files contained in emails.
- Only download software from trusted sources.
Are You Prepared to Fight Against Ransomware?
Get started with YBS Backup & Disaster Recovery (BDR) Planning & Implementation, which can include Ransomware, Phishing, Malware and Virus Protection.
Your data is the lifeblood of your business. 78% of all businesses that experience a major loss will go out of business within the first year. You need to protect it from disaster, business emergencies, viruses, phishing, worms, and more. We can help.
With the Success of WannaCry, Imitations are Quickly In Development
Originally posted on BleepingComputer.com on May 15, 2017
With the successful launch of the WannaCry Ransomware last Friday, ransomware developers are being quick to release their own imitations. As of today, I found 4 different WannaCry knockoffs in various forms of development. Of particular interest is what appears to be a WannaCry Ransomware generator that allows you to customize the appearance and text of the lock screen.
Let’s take a look at what each of these imitations has to offer.
Of the four WannaCry imitators, DarkoderCrypt0r is the farthest along in development as it actually encrypts files on a computer. As you can see below, the developers copied the WannaCry lock screen and adapted it a bit with their own title, bitcoin addresses, etc. Currently this is an in-development ransomware, as it is only encrypting files on the victim’s Desktop. When encrypting files it will append the .DARKCRY extension to the encrypted file’s name. The executable will also be named @DaKryEncryptor@.exe.
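The two indicators named above (the appended .DARKCRY extension and the @DaKryEncryptor@.exe file name) can be checked for on a machine with a short scan. This is an added example, not part of the original article; the function names and verdict labels are hypothetical, and the default scan root is the user's Desktop because that is the only location the article says is affected.

```python
import os
import sys
from pathlib import Path

# Indicators taken from the description above; compared case-insensitively
# because Windows file names are case-insensitive.
ENCRYPTED_EXT = ".darkcry"
DROPPER_NAME = "@dakryencryptor@.exe"

def scan_for_darkodercrypt0r(root):
    """Walk root and return (encrypted, droppers, errors).

    encrypted: (path, original_name) for each file carrying the appended
               extension; original_name is the name with it stripped.
    droppers:  paths whose file name matches the executable name.
    errors:    directories that could not be read, so gaps are visible.
    """
    encrypted, droppers, errors = [], [], []
    for dirpath, _dirs, files in os.walk(
            root, onerror=lambda exc: errors.append(exc.filename)):
        for name in files:
            lowered = name.lower()
            full = Path(dirpath) / name
            if lowered == DROPPER_NAME:
                droppers.append(full)
            elif lowered.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                encrypted.append((full, name[:-len(ENCRYPTED_EXT)]))
    return encrypted, droppers, errors

def summarize(encrypted, droppers):
    """Triage verdict (labels are illustrative, not from the article)."""
    if encrypted and droppers:
        return "encrypted-files-and-executable"
    if droppers:
        return "executable-only"
    if encrypted:
        return "encrypted-files-only"
    return "no-indicators"

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else Path.home() / "Desktop"
    enc, drop, err = scan_for_darkodercrypt0r(root)
    print("verdict:", summarize(enc, drop))
    for path, original in enc:
        print(f"encrypted: {path} (was {original})")
    for path in drop:
        print("executable:", path)
    for path in err:
        print("could not read:", path)
```

The list of original names tells you which files to pull from backup; a directory listed under "could not read" has not been checked and needs a second look with sufficient privileges.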
Aron WanaCrypt0r 2.0 Generator v1.0
Aron WanaCrypt0r 2.0 Generator v1.0 is an interesting sample as it is being developed to be a customizable WannaCry Ransomware generator. This program allows you to create a customized WannaCry lock screen where a developer can customize the text, images, and colors of the lock screen.
The generator will most likely then use these customizations to create a customized WanaCrypt0r ransomware executable that can then be distributed by a wannabe ransomware developer in order to generate ransoms. At this time, the generator only allows you to customize the lock screen and then display the customized screen. It does not generate a customized ransomware executable.
Wanna Crypt v2.5
Wanna Crypt v2.5 is in the very beginning stages of development as it only displays the lock screen shown below when launched.
Like Wanna Crypt v2.5, WannaCrypt 4.0 is in the beginning stages of development and does not encrypt anything at this time. An interesting aspect of this sample is that the default language for the lock screen is Thai. As the original WannaCry does not support Thai, my guess is that the developer of this imitation is from Thailand.