Recently, there has been a ransomware virus circulating called “WannaCry Ransomeware”. It has spread globally targeting a flaw in the Microsoft Windows operating system. The virus encrypts the victim’s data and then demands a ransom for the decryption key. The speed and ferocity of the outbreak has taken many private and public companies by surprise.
The virus is spread via email as an attachment, but once it is on one computer, it can easily spread across the network to other vulnerable computers.
To minimise the risk of your business being affected, we recommend that you do the following:
- Do not open suspicious/unknown emails or email attachments.
- Do not open PDF documents attached to emails. (Even if it is from someone you know. Their computers could have been infected)
- Make sure that you’ve installed the latest security updates for Microsoft Windows. Microsoft released a fix for the exploitin March, but unpatched Windows systems remain vulnerable.
- Make sure your Windows Defender or other antivirus software is updated before logging on to any network.
- Ensure that you have a good backup system for your data and that your backups are kept up to date.
- If you suspect that your computer or network has been compromised, we recommend that you do the following:
- Shut down your computer immediately to avoid further damage.
- Disconnect any infected computers from your network to prevent other computers on the same network being infected.
As well as keeping antivirus, firewall, application and OS software up-to-date, backing up key data regularly to offline hard drives should be a top priority, most experts agree.
- Install the Microsoft patch. It’s available not only for Windows 10, but for earlier versions as well: Windows 8, 7, Vista, even Windows XP and Server 2003. This patch closes the vulnerability that the ransomware uses to infect the systems within the local network.
- If, for whatever reason, installing the patch is not possible, close port 445 using the firewall. That will block the worm’s network attack to prevent the infection. However, this measure should be viewed strictly as a stopgap. Closing this port will stop a number of important network services, so it isn’t a true solution.
- Make sure that all systems in your network are protected. This point is vital: If you haven’t patched every system or closed the 445 port, one infected computer may infect all the others.
- You may also use the free Kaspersky Anti-Ransomware Tool, which reliably protects from crypto malware. It can also be used along with other antimalware solutions; it’s compatible with most known security solutions and does not interfere with their operation.