On Friday last week, the world was hit by a global ransomware campaign of unprecedented proportions. That campaign has now infected over 10,000 organizations and 200,000 individuals in 150 countries. This includes the UK National Health System, which has been highlighted in the media.
On Friday a researcher analyzing the code stopped the ransomware from spreading by registering a domain that served as a kill switch for the ransomware.
It wasn’t long before new variants of the WannaCry ransomware started emerging. One of the variants was also stopped today by registering a kill switch domain, the same way the ransomware was stopped on Friday. A second variant is not encrypting infected machines due to an error in programming, but it is spreading.
We expect new variants to emerge all week that continue to exploit the vulnerability in the Server Message Block (SMB) protocol that WannaCry has been using.
How to protect yourself against WannaCry
- If you use old unsupported Windows versions, like Windows XP, Windows 2008 or Server 2003, install the patch that Microsoft has released to block the specific exploit that the WannaCry ransomware is using. You can find it here: Microsoft Security Bulletin MS17-010.
- Update to a supported version of Windows as soon as possible.
- Update your antivirus software. Most AV vendors have now added detection capability to block WannaCry.
- If you don’t have antivirus software enabled on your Windows machine, at least enable Windows Defender, which is free.
- For further reading, see the customer guidance Microsoft has released for the WannaCry attacks, or this excellent post by Troy Hunt.
General recommendations on how to stay as safe as possible
- Always keep your OS and software updated to the latest version.
- Ransomware is usually distributed through email attachments. Never click on a file from an unknown or unverified sender.
- Use antivirus programs. Their usefulness has been questioned as attackers become more and more skilled at writing attack software, but they do protect you in many cases.
- Back up regularly and make sure you have offline backups. That way, if you are infected with ransomware, it can’t encrypt your backups.