Cyberattack “WannaCry” – What you need to know

As you’ve likely seen in the news, there has been a massive, widespread malware attack spreading around the world. It’s been dubbed “WannaCry,” and here’s what you need to know:

What we’re doing:
• If you’re a client under active management by NetEffect, we've got you covered. We’re working this weekend to verify your servers and computers have a recent Microsoft patch that prevents the infection.
• Webroot (the endpoint security software we use with our fully managed clients) has rules in place to detect and prevent WannaCry ransomware infections.
• Both Fortinet and Sonicwall have updated their firewall services to recognize and block WannaCry, so assuming you’ve allowed us to renew the services on your firewall, you’re protected… though as you know, no protection is perfect, and with nearly all variants of malware, safe computing practices by the end user (see below) provide a very good defense.

What you can do?
• WannaCry is primarily delivered via an email attachment, so DO NOT OPEN EMAIL ATTACHMENTS OR CLICK ON LINKS IN EMAILS unless it’s from a known source. And even still, BE SUSPICIOUS, especially over the coming weeks. “Spoofed” emails can appear to be from a known source. It’s highly likely that imitators will capitalize on the success of this malware, and release additional variants of this piece of malware.
• WannaCry is also delivered by malicious website links, so be cautious as you browse the web.
• Patch your home computers immediately since they are not under our management.

What if I get infected?
• Isolate infected devices immediately by removing them from the network as soon as possible to prevent ransomware from spreading to the network or shared drives.
• If your network has been infected, immediately disconnect all connected devices.
• Power-off affected devices that have not been completely corrupted. This may provide time to clean and recover data, contain damage, and prevent conditions from worsening.
• Contact us immediately to report any ransomware events and to request assistance.

About WannaCry:
• Experts say it’s the worst and most widespread malware ever seen. Reports say there were more than 75,000 ransomware attacks in 99 countries on Friday, and it’s still spreading.
• The responsible party is unknown, but the majority of the attacks have targeted systems in Russia, Ukraine and Taiwan.
• WannaCry is ransomware; it locks all the files on an infected computer and asks that a ransom be paid in order to release the files. Payment is made by bitcoin, and the ransom demands are in 28 different languages.
• The malware uses an exploit in the Windows operating system that was discovered as a result of spy tools being stolen by the NSA last month. These tools included pre-written code for exploiting the flaw, allowing the attackers to essentially copy and paste that code into their own malware.
• Microsoft released a patch for the vulnerability last month, and in a very unusual move, and in the wake of the attack, they released a patch for older operating systems including Windows XP, Windows 8 and Windows Server 2003.

You can find more information here:

http://blog.fortinet.com/2017/05/12/protecting-your-organization-from-the-wcry-ransomware

https://www.webroot.com/blog/2017/05/13/wannacry-ransomware-webroot/