Courtney Road

Tiverton, Devon, EX16 6EE

+44 1884 664 004

Mon - Fri: 9:00 - 17:00

Online portal and guides 24/7

May 2017 Cyber-Attack

WannaCrypt Cyber-Attack

On Friday 12th of May over 90 countries have seen the start of a mass cyber-attack using a virus called WannaCrypt. This virus is an updated version of the recent CryptoLocker that hit businesses a few years ago.

Below is a guide on how this virus works as well as what you can do to protect yourselves; but a quick note for all is make sure your systems are up-to-date as this is why it has spread.

 

How does WannaCrypt work

How does it infect me?

WannaCrypt enters your computer by either an email which has an attachment, or a link that you click downloading it. Once it is in your network it tries to spread using standard SMB network language which is at the heart of most Microsoft networks.

What does it do to my machine once infected?

If you are successfully infected by the virus it starts searching for files it has access to on your PC and any network drives you have access to. Once this list is created the system then encrypts them using a password that your business does not know; as you do not know the password, encryption level or software you cannot access your files anymore.

How do I protect against this?

Maintenance Clients

 

As part of our ongoing tasks, in the background we are constantly looking at your businesses security from Microsoft patches to the quality of your virus scanner and connection to the internet.

The security patch from Microsoft that stops this infection from happening was released 14/03/2017 under security bulletin MS17-010. Our policies for patches of this security level are to run an update routine every day meaning our clients with PC’s protected by this patch will have it installed.

Non-Maintenance Clients

For our non-maintenance clients, we suggest you run your update procedures as soon as you can as well as running a virus scan on your computers. Once this is done your systems should be secure from this attack.

What do I do if I have already had my files compromised?

If your files have already been compromised you need to look at turning off all possible computers to stop the infection from spreading as well as contacting your preferred IT Support company or us via our Contact Us page.

Your support company should then be looking at either data recovery; or rolling your data back using your backup or disaster recovery system.

Why has this spread so fast?

The reason the virus has spread so fast is down to out of date systems. Lots of companies use out of date versions of software like Microsoft Windows for various reasons like: –

  • Lack of funds to replace systems
  • Run an older application that is no longer created
  • Run an older application that does not support newer operating systems like Windows 10

 

 

We hope this information has been helpful, but if you do have any questions please get in touch with us via our Contact Us page.

Share this post