Saturday

WannaCry Ransomware May Indeed Make You Cry

The security issue du jour is the "WannaCry" ransomware infection that is spreading literally - and rather quickly - around the world. If your Windows PC is infected, your files will be "encrypted" (scrambled and inaccessible) unless you pay a monetary ransom in Bitcoin to the Bad Guys.



Here is what you need to know:

If you are NOT already infected

Don't open attachments or click on links in email, even if it looks like it's from your bank or Amazon, or something similar. Call them if they supposedly need to verify some information. I know it's a hassle, but email has become a game of Russian Roulette these days.

Back up your files now. Today. I made a fresh set of backups this morning for our home computers. Copying your important files and folders to a USB drive is fine, just get copies of important files onto separate media (i.e. not a folder or drive on the PC you are backing up).

Run Windows Update manually, allow the updates to install, and then reboot. Microsoft has already issued a patch to mitigate the exploit being used to spread this ransomware.

While you are at it, make sure you have a working, up-to-date antivirus of some kind - anything is better than nothing.

If your PC IS infected with WannaCry (or similar)

Shut it off and disconnect from your network, otherwise other Windows devices on your home network may be infected (part of the ransomware is also a worm, which can sneakily infect other PCs on the same network).

You are screwed - don't pay the ransom, just deal with the fact that your data is gone. Paying the ransom is no guarantee you will get your data back anyway and it will just encourage the Bad Guys to keep doing this sort of thing.

I would not try to Google for help in removing the WannaCry malware or restoring your files by decrypting them - it's virtually impossible to do so, and you may just end up spending money or time on a fruitless "remedy".

Wipe and reload your PC, apply all the pending updates, and restore your backed up files (you do have backups somewhere, right?).

A couple of observations:

Although you may have heard that this ransomware was a result of the NSA's secret spying tools being released by Wikileaks, the ransomware itself did not originate with the NSA. 

One of the NSA tools used a long-existing exploit in Windows. The ransomware writers packaged their malware with this tool so that it could infect vulnerable Windows computers.

Microsoft has already (quickly) issued a patch for the vulnerability. The speed of the patch makes me wonder if Microsoft was in cahoots with the NSA all along regarding this "unknown" vulnerability, but that's probably just my paranoia sticking its head out and sniffing around.
