PCT News

May 2017

New Ransomware makes you "WannaCry"

Excerpts from welivesecurity.com, Michael Aguilar, May 13, 2017 and clark.com, Theo Thimou, May 15, 2017

New ransomware, named WannaCryptor, but also referred to as WannaCry or Wcrypt by other security vendors and in the media, has been spreading rapidly. One reason for the speed at which this malware is spreading appears to be the way it utilizes the EternalBlue SMB exploit, part of a large collection of files that leaked from America’s National Security Agency (NSA).

Unlike most encrypting-type malware, WannaCryptor has wormlike capabilities, allowing it to spread by itself.

The worst issue that is being dealt with by victims is this: the files touched by the attack are encrypted and the attacker is the only source for the key to reverse that. This can have dire consequences, especially in the healthcare sector. Encrypted patient records, doctor’s files and other items may not be usable or accessible unless there is a good backup to restore from.

The ransom that has been demanded for decryption of the files appears to be about $300, which is actually lower than other ransomware we have seen, but the true cost will be all the time, lost files, and other collateral damage caused by this malware.

Fortunately, to protect yourself against this latest threat, there is much that you can do, and you should probably get started sooner rather than later:

  • Install Anti-malware Software – Make sure any anti-virus product is up to date and scan your computer for any malicious programs. It's also worth setting up regular auto-scans.
  • Update, update, UPDATE! Microsoft released patches for these exploits prior to their weaponization. Granted, patches weren’t available for all operating systems, but the patch was available for the vast majority of machines. This event even forced Microsoft to release a patch for Windows XP, which has been unsupported since 2014 – which gets back to the first thing that was said. UPDATE! Why are there still machines on XP!? These machines are vulnerable to the ransomware functionality of this attack, and to more beyond this attack, and they need to be updated. Users of pirated Microsoft software are unable to download the security patch, forcing them to fend for themselves or rely on a third-party source for a solution.
  • Back up important data on your computer in case it gets held for ransom.

What to do if you are infected

If someone is holding your computer hostage for money, never pay the ransom.

First, there’s no way to tell whether the scammers will unlock it. Second, there’s no way to guarantee that they won’t load additional viruses on your computer. Third, you’re rewarding bad behavior if you pay them!

So what should you do? Well, if you’re able to, you should download and install Microsoft patch MS17-010, which will resolve the vulnerability in Windows.

Failing that, you may need to contact a professional to clean your computer if you’re infected. Even if you’re able to unfreeze your computer yourself without paying the ransom, elements of the virus could remain behind.

Tech Scams and How They Work

Cybercriminals don't just send fraudulent email messages. They might call you on the telephone and claim to be from Microsoft. They might also set up websites with persistent pop-ups displaying fake warning messages and a phone number to call to get the “issue” fixed. They might offer to help solve your computer problems or sell you a software license. Once they have access to your computer, they can do the following:

  • Trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you to remove this software.

  • Convince you to visit legitimate websites (like www.ammyy.com) to download software that will allow them to take control of your computer remotely and adjust settings to leave your computer vulnerable.

  • Request credit card information so they can bill you for phony services.

  • Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there.

“Remember, Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication we have with you must be initiated by you.”

