AFFECTS: Microsoft Windows computers
Recently there has been a huge increase in malware distributions triggered by an apparent 0-day release of windows exploits previously authored and utilised by the NSA.
One particular exploit is now being used by what’s known as the ‘WannaCry’ ransomware attack.
This ransomware is a worm, programmed to seek out new hosts from neighboring systems instead of other distribution methods such as spam and scam emails, meaning once one system in your network is infected, others will shortly be attacked by the originally infected machine.
Security researchers have already worked a fair amount on this worm, and have triggered it’s current kill switch, however derivatives using the same exploit are certainly possible and relatively easy to implement.
This is why it’s important to ensure your computer is up to date with the latest operating system using the windows update utilities.
It is also strongly recommended that you run antivirus software with the latest definitions, and as always, backup, backup, and backup..
The ransomware encrypts your files and then transfers the encryption key to the attackers, holding your data to ransom for $300USD, which goes up after a certain time has expired; However, there is absolutely no guarantee the decryption key will be released once the ransom is paid, nor is there any guarantee that your computer won’t be re-infected.
As the files are encrypted, it’s next to impossible to recover from this, unless you have a good backup strategy.
For this reason, I strongly recommend external and internal backup solutions such as BackBlaze’s Cloud Backup Solution for external (offsite) backups, which also include versioning, in addition to a backup on a removable USB disk or NAS as well.
As suggested above as a possibility, the WannaCry ransomware has been re-released without the kill switch that temporarily stopped or slowed down the propagation.
Please ensure you’re all up to date ASAP and remember to back up!