Since being unleashed on May 12, the WannaCry ransomware attack has become the largest ransomware event in history, crippling 200,000 computers in more than 150 countries. While it was briefly slowed (accidentally, as it turns out) by a British security expert, criminals have since updated the malware. It continues to spread at an alarming rate.
A lot of media attention has focused on the organizations affected by WannaCry – notably FedEx, Nissan, Spain’s Telefonica, Britain’s National Health Service, the Russian Interior Ministry, and Germany's rail network. Maybe reporters assume multinational corporations and branches of government have been vigilant and are better at keeping their computer systems up-to-date. (Turns out, they aren’t.)
But for individuals, families, and small office/home office users, WannaCry and other ransomware programs continue to pose a serious threat to their data ... even if the impact on consumers doesn’t receive the same media attention.
What is ransomware?
Ransomware is a particularly vicious type of malware that infects your computer, blocks you from accessing your data, and demands a ransom in order to regain control of your files. Typically, ransomware will encrypt all of the files and then post a message that promises to decrypt the files if the ransom is paid … or destroy them if not.
What is WannaCry?
WannaCry is a piece of ransomware that is also known as WannaCrypt (as well as WanaCrypt0r 2.0, Wanna Decryptor 2.0, WCry 2, WannaCry 2 and Wanna Decryptor 2). What it’s called isn’t as important as what it does.
What’s been so devastating about WannaCry is how quickly it spread. Leveraging a vulnerability in Windows with the worm-like exploit called EternalBlue (which originated with the USA’s National Security Agency, but was made public by the Shadow Brokers hacking group), WannaCry exploits a flaw in Microsoft’s network file sharing protocol. It seeks out other vulnerable computers on the network to infect, which allows it to spread at an exponential rate.
The ransom for WannaCry starts at $300 in Bitcoin (the untraceable online crypto-currency), but as time goes on the amount required to unlock your files increases. (With more than 200,000 computers infected, that potentially represents $60 million in ill-gotten gains.)
Doesn’t my anti-virus software protect me?
Using quality anti-virus and anti-malware software is absolutely vital to a strong data protection plan. However, it is important to recognize that new ransomware threats cannot be stopped by those solutions. Here’s why.
Anti-malware programs work by comparing any unknown program trying to run on your computer against a list of known threats that security researchers have already identified. That helps avoid known malware threats, but it doesn’t account for so-called zero-day exploits: malware that exploits vulnerabilities that have not yet been discovered by the security community.
WannaCry used a zero-day threat to exploit a Microsoft vulnerability that had only recently been uncovered. Microsoft issued a software patch to close that hole, but not all its customers had gotten around to installing it. The combination of unknown threat (invisible to signature-based anti-malware measures), unpatched vulnerability, and very effective replication led to the WannaCry pandemic.
By comparison, Acronis’ unique, patented technology uses heuristic analysis to identify the suspicious file activities common to all ransomware attacks and immediately stop the attack. It’s looking for bad behavior, not signatures. Available to consumers and home offices through a Premium subscription of Acronis True Image 2017 New Generation, Acronis Active Protection not only detects and blocks a ransomware attack, it instantly restores any data that was encrypted.
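To make the difference between the two approaches concrete, here is an added example (not Acronis code, and not a description of how any product works) that runs a hash-based signature check and a simple behavior heuristic over the same constructed data. The hash list, file events, process names, and thresholds are all assumptions made for the illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Constructed "signature database": hash of one already-catalogued sample.
KNOWN_BAD = {hashlib.sha256(b"constructed-known-sample").hexdigest()}

def signature_match(program_bytes):
    """Signature check: flags only programs whose hash is already listed."""
    return hashlib.sha256(program_bytes).hexdigest() in KNOWN_BAD

def entropy(data):
    """Shannon entropy in bits per byte; encrypted output is close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def behavior_alerts(events, window=10.0, min_files=4, min_entropy=7.5):
    """Flag processes that overwrite many distinct files with high-entropy
    data inside a short time window (thresholds are assumptions)."""
    writes = defaultdict(list)          # process -> [(time, path)]
    for ts, proc, path, data in events:
        if entropy(data) >= min_entropy:
            writes[proc].append((ts, path))
    flagged = set()
    for proc, hits in writes.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            paths = {p for t, p in hits[i:] if t - start <= window}
            if len(paths) >= min_files:
                flagged.add(proc)
                break
    return flagged

# Constructed file-write events: (seconds, process, path, bytes written).
PLAIN = b"quarterly report draft " * 40
CIPHERLIKE = bytes(range(256)) * 4      # stands in for encrypted output
EVENTS = [(0.0, "editor.exe", "notes.txt", PLAIN)] + [
    (1.0 + i, "unknown.exe", f"doc{i}.docx", CIPHERLIKE) for i in range(5)
]

if __name__ == "__main__":
    print("signature hit on new variant:", signature_match(b"constructed-new-variant"))
    print("behavior alerts:", behavior_alerts(EVENTS))
```

Compressed files such as archives also produce high-entropy writes, so a heuristic like this has to be combined with other signals to keep false alarms down.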
How to defend/protect against WannaCry?
Security experts recommend four steps to help safeguard your computer from being infected by WannaCry.
- Make sure your computer’s software is up to date. Just before the Shadow Brokers hacking group revealed the vulnerability, Microsoft released a patch for the exploit, known as MS17-010. That alone was newsworthy, since Microsoft was patching operating systems that it no longer supported, but clearly a lot of individuals and organizations did not download the patch. In order to avoid infection, immediately confirm that your system software is current.
- Create a full image backup of your system, ideally using a secure backup solution with active ransomware protection. A full image backup includes everything, including files, folders, programs, operating system, and system settings. If your computer becomes encrypted, you can simply restore your system in a matter of minutes. Since WannaCry also infects backup files, you’ll want to use backup software with active ransomware protection in order to safeguard both your system and your backup files. If your backup solution only offers reactive ransomware monitoring – analyzing newly backed up files – that is not enough.
- Regularly download updates for your anti-malware software to ensure its signature database is up-to-date. That will protect you against already-discovered threats.
- Be alert to how criminals try to get malware on your system. Most viruses get onto your computer when you click on a link or open an attachment in a malicious email that is designed to look safe and lull you into a false sense of trust. You can also pick up infections from malicious online ads and by visiting dubious websites (think illegal or questionable content), as well as infected USB drives. There’s a whole segment of the criminal underground whose sole job is to figure out how to get you to lower your guard and open your door to them. Be wary online.
To protect yourself from the next ransomware attack, you should also get Acronis True Image 2017 New Generation with active ransomware protection to ensure your system is protected while you wait for your anti-malware software to catch up to the new threat.
What to do if I’m infected by WannaCry?
If your computer is already infected, it may be too late, but here’s what the experts recommend. First, do not click on “decrypt” or “check payment.” Paying the ransom doesn’t always work: one in five users who pay never get the promised remedy. After all, you’re dealing with criminals on the other end of the transaction.
If you can, download and install the patch from Microsoft.
If you have an isolated backup of your system – one that was not connected to the infected computer, like a cloud backup – you can restore your infected files. But keep in mind that WannaCry will try to infect backup files as well, so if you only have a backup on a local drive, you might be out of luck.