WannaCry Ransomware

The ransomware attack is holding computer systems hostage worldwide. Here's what you need to know to keep yourself as safe as possible.

Why the WannaCry cyberattack is so bad, and so avoidable

The battle against the WannaCry ransomware continues. (In many spaces it's referred to as WannaCrypt. There appears to be no substantive difference between the two.)

The attack, which started on Friday, locks people out of their computers and encrypts their files, demanding they pay up to $300 in bitcoin -- a price that doubles after three days -- to receive a decryption key or risk losing their important files forever. What's worse is the malware also behaves like a worm, potentially infecting computers and servers on the same network.

The ransomware was slowed last week by a security analyst who discovered a kill switch in its code, but it has since been updated without the kill switch, allowing it to grow further. WannaCry has now reached more than 150 countries and 200,000 computers, shutting down hospitals, universities, warehouses and banks.

Though it might seem to be an issue for only businesses, institutions and governments, individuals are at risk, too, as WannaCry targets a Windows operating system flaw in older versions of the OS that have not been patched.

Important hat tip: The information herein comes largely from How to defend yourself against the WannaCrypt global ransomware attack by ZDNet's Charlie Osborne.

These OSes are affected

The attack exploits a vulnerability in older Windows operating systems, namely:

  • Windows 8
  • Windows XP
  • Windows Server 2003

If you're using a more recent version of Windows -- and you've stayed up-to-date on your system updates -- you should not be vulnerable to the current iteration of the WannaCry ransomware:

  • Windows 10
  • Windows 8.1
  • Windows 7
  • Windows Vista
  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016

But the reverse applies, too: If you haven't been keeping those newer versions of Windows updated, you'll be just as vulnerable until and unless you do.

If you're using MacOS, ChromeOS or Linux -- or mobile operating systems like iOS and Android -- you don't have to worry about this particular threat.

Update Windows immediately

If you're using one of the newer versions of Windows listed above (10/8.1/7, etc.) and you've kept your PC up-to-date with automatic updates, you should've received the fix back in March.

In the wake of WannaCry, Microsoft issued rare patches on the older versions of Windows it no longer formally supports to protect against this malware. Here's where you can download these security updates:

The full download page for all Windows versions is available here.

Turn Windows Update on if it's disabled

It's not uncommon for people to disable Microsoft's automatic updates, especially because earlier iterations had a tendency to auto-install even if you were in the middle of work. Microsoft has largely fixed that issue with the current version of Windows 10 (the recent Creators Update). If you have disabled automatic updates… head back into Control Panel in Windows, turn them back on and leave them on.

Install a dedicated ransomware blocker

Cybereason Ransomfree is a free utility designed to block threats like WannaCry.

Don't assume that your current antivirus utility -- if you're using one at all -- offers protection against ransomware, especially if it's an outdated version. Many of the big suites didn't add ransomware blocking until recently.

Not sure if you're protected? Dive into your utility's settings and see if there's any mention of ransomware. Or, do some web searching for the specific version of your product and see if it's listed among the features.

If it's not, or you're pretty sure you don't have any kind of safeguard beyond your patched version of Windows, install a dedicated anti-ransomware utility. Two free options: Cybereason Ransomfree and Malwarebytes Anti-Ransomware (currently in beta).

Block port 445 for extra safety

MalwareTech, whose security analyst on Friday briefly slowed the worldwide attack of the WannaCry ransomware, posted to Twitter that blocking TCP port 445 could help with the vulnerability if you haven't patched your OS yet.

Warning: If you turn on a system without the MS17-010 patch and TCP port 445 open, your system can be ransomwared.
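
One way to apply the port 445 advice above on a single PC, as an added example that is not from the original article: it checks whether the machine is listening on TCP 445 and adds an inbound block rule to Windows Firewall. It assumes Windows 8 / Server 2012 or later (where these cmdlets exist) and an elevated PowerShell window; the rule name is a made-up label.

```powershell
# Added example, not from the article. Run in an elevated PowerShell session.
# Assumes the NetSecurity / NetTCPIP cmdlets (Windows 8 / Server 2012 or later).
# $RuleName is a hypothetical label chosen for this example.
$RuleName = 'Block inbound SMB TCP 445 (until MS17-010 is installed)'

function Test-Smb445Listening {
    # True when a local service is accepting connections on TCP 445.
    $listeners = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
    return [bool]$listeners
}

function Block-InboundSmb445 {
    # Idempotent: create the rule only if it is not already there.
    $rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    if (-not $rule) {
        New-NetFirewallRule -DisplayName $RuleName `
            -Direction Inbound -Protocol TCP -LocalPort 445 `
            -Action Block -Profile Any | Out-Null
    }
    # Re-assert the settings in case the rule was disabled or edited.
    # Block rules take precedence over the built-in File and Printer Sharing allow rules.
    Set-NetFirewallRule -DisplayName $RuleName -Enabled True -Action Block
    return Get-NetFirewallRule -DisplayName $RuleName
}

# A block rule does nothing on a profile where the firewall itself is switched off.
$off = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
if ($off) {
    Write-Warning ("Windows Firewall is off for profile(s): " + ($off.Name -join ', '))
}

if (Test-Smb445Listening) {
    Write-Output 'This machine is listening on TCP 445 (Windows file sharing).'
} else {
    Write-Output 'Nothing is listening on TCP 445; adding the block rule anyway.'
}

$rule = Block-InboundSmb445
Write-Output ("Firewall rule in place: " + $rule.DisplayName)
Write-Output 'After patching, undo with: Remove-NetFirewallRule -DisplayName <the rule name above>'
```

While the rule is active, other computers cannot reach shared folders or printers on this PC, and the service still shows as listening locally because the firewall only drops inbound connections.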

Keep watching for mutations

Just because there's a patch doesn't mean you'll always be protected. New variations of the ransomware have popped up without the Achilles heel and bearing the name Uiwix, according to researchers at Heimdal Security.

Can I get ransomware on my phone or tablet?

Ransomware in its current form -- most notably WannaCry/WannaCrypt -- is a Windows-specific form of malware. It's designed to target the Windows operating system and the files contained therein, so it's not a threat to mobile OSes like Android and iOS. That said, you should always exercise the same cautions when it comes to suspicious links in emails and on websites: When in doubt, don't tap.

What if I'm already infected?

At the moment, it appears there's no way to reverse the encryption for free. That's why many individuals and organizations often end up paying the ransom if their computers are already locked down (especially if they don't have a recent remote or cloud backup). However, Bleeping Computer has a guide to removing the ransomware. While CNET has not independently verified the efficacy of that process, it's important to note that the malware remains on afflicted PCs even after they've been unlocked.

In other words, even if you pay the ransom, you'll still have work to do.

Cloud storage may help

If you're using a cloud-backup tool like Carbonite, you may be able to recover all your WannaCry-encrypted files by accessing earlier versions of them. And cloud-storage service Dropbox keeps snapshots of all changes made to files in the past 30 days. This is a very good time to investigate whether your online backup or storage provider does indeed keep rollback versions of your files, just so you know whether you have an option other than paying the ransom!

