By now you’ve heard of the ransomware infection known as WannaCrypt or WannaCry. Initially spread through email, once the ransomware found a target, it infected vulnerable machines on the same network via a flaw in Microsoft SMB on older, unpatched systems. Consequently, this is how it spread to so many systems so quickly. Microsoft has since released a security patch to plug the hole in older versions of windows, something that Microsoft rarely does.

If your business systems are not fully patched at this point, do it now.

How to stop malware without really trying

You may not have heard that a security researcher @MalwareTechBlog identified an unregistered domain that the infection queried. If you’re not patched and have not been affected by this yet, you should probably buy MalwareTech a beer. As part of standard practice MalwareTech registered the domain and created a sinkhole to capture malicious traffic. MalwareTech didn’t know at the time that registering the domain would act as a “kill-switch” to stop further infection, however that’s exactly what it did. He has a great write-up of it here.

Image: Botnet Tracker/WannaCrypt available at intel.malwaretech.com.

Shown above, the MalwareTech Botnet Tracker will give you an idea of the scope of the problem. Depicted below, the graph shows how many unique IP addresses are being hit by WannaCrypt over time.

Image: Botnet Tracker/WannaCrypt

Ransomware Slowed but not stopped

On Saturday May 13, variants of Wannacrypt have been detected without the “kill-switch” feature. This newer variant has been dubbed "WannaCrypt 2.0". This means that if you’re not patched, you’re not safe. The fact is that there will likely be many variants of this threat.

Recommendations:

  • Backup your files
  • Make sure you’re not open to this attack (patch your systems).
  • If you haven’t already, upgrade your operating system to a supported version
  • Backup your files, really
  • Be skeptical of links sent via email or social media
  • Be careful about where users can go on the Internet
  • If you are on a network, consider disabling SMB on all client systems
  • If you haven't backed up your files, what are you waiting for?

In conclusion, if your business is in the Dallas/Fort Worth area and are not sure about what actions you need to take, please give us a call at 9722157611.

Like us on Facebook or Follow us on Twitter if you would like to see more articles like this as they develop.