Last Friday, May 12, a new ransomware-type virus called WannaCry attacked and spread rapidly all over the world. The attack began to be reported on Friday morning and affected, among other institutions, a telephone company in Spain, hospital systems in England, where medical appointments were canceled as a result, and Russian rail networks.
What is ransomware and how does it work?
Just as people are kidnapped for money, in the IT world ransomware is a data hijacker: the attack gains access to your computer, encrypts all the information on it and demands a sum of money for its recovery. It is that simple.
WannaCry in particular blocks access to the computer and encrypts the data, then demands a payment of $300 in Bitcoin in exchange for recovering the information. If you do not pay within a certain time, the ransom increases.
What is the danger to my company? Can it be one of those affected?
The virus has infected more than 200,000 computers around the world, with victims in at least 150 countries, and although it was stopped accidentally, there are already variants of it that still affect computers (here you can see the progress of the attack in real time). The biggest problem is that anyone in your company could run the virus unintentionally (by opening an email they receive, by downloading a pirated program from the internet, etc.). Once a computer is infected, the virus encrypts all the files on it and replicates over the network to other servers, workstations and so on. Everything you have connected as network drives can also be encrypted. So once one computer is infected, it is normal for the infection to spread to virtually every machine on the network.
This behavior is why it is advisable to disconnect the equipment, so that the virus does not continue to encrypt and propagate. If a company is infected internally, the first thing it is generally asked to do is turn off and disconnect all equipment, so that the virus does not keep encrypting files and making the problem worse. After that, the source can be found and all affected computers and servers restored.
If your company uses computers with Windows operating systems and does not have automatic updates activated, your company IS VULNERABLE.
What data does this virus encrypt?
The virus encrypts (among others):
- Company databases (SQL, MySQL, etc.)
- Excel spreadsheets, Word documents, PowerPoint presentations, PDFs, etc.
- ZIP, RAR and other compressed files.
Basically, your company can be left inoperable if you do not have a recent backup from which you can restore.
Make backup copies:
It should be business policy to periodically back up the data and files on your computers and devices: desktop and laptop computers as well as mobile devices. It is also a good precaution to keep two backups: one in the cloud, using one of the many services that exist, and another physically on a hard drive or other device. This will be a lifesaver not only if you are a victim of ransomware, but also if one of your devices is stolen or damaged.
Do not trust the network:
It is not about being paranoid, but as a general rule it is better not to trust links and files that reach you by email or that suddenly appear in pop-ups. Cybercriminals often send emails imitating banks or online stores (phishing), or send links to malicious sites. Again, it is better not to fall into the trap; afterwards it may be too late.
The more information you have, the better:
A good practice is to enable the Windows option that shows file extensions, so that you can detect which files may be malicious.
Stay away from the .exe extensions:
Or .vbs, .scr …: these are the extensions of programs or executables. If you find files of these types, or download them from a web page or an email, be very careful and do not execute them. Attackers use this type of file to introduce malware and Trojans into their victims' computers.
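The two tips above can be applied together from a PowerShell prompt. This is an added example, not part of the original article: it turns on the display of file extensions for the current user and lists files in a folder that carry an executable extension, marking those that hide behind a document-looking name. The extensions beyond .exe, .vbs and .scr, the decoy list and the choice of the Downloads folder are assumptions made for illustration.

```powershell
# Added example (not from the article): show extensions, then flag risky files.

# 1. Make Explorer show file extensions for the current user (HideFileExt = 0).
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $advanced -Name 'HideFileExt' -Value 0

# 2. Extensions the article names, plus other common executable/script types (assumption).
$risky  = '.exe', '.vbs', '.scr', '.js', '.bat', '.cmd', '.com', '.pif'
# Document-like extensions often used as a decoy before the real one (assumption).
$decoys = '.pdf', '.doc', '.docx', '.xls', '.xlsx', '.ppt', '.jpg', '.png', '.txt', '.zip'

function Find-RiskyFile {
    param(
        [Parameter(Mandatory)] [string] $Path
    )
    Get-ChildItem -Path $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $risky -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            # With extensions hidden, "invoice.pdf.exe" is displayed as "invoice.pdf".
            $inner = [System.IO.Path]::GetExtension($_.BaseName).ToLowerInvariant()
            [pscustomobject]@{
                File            = $_.FullName
                Extension       = $_.Extension
                DoubleExtension = ($decoys -contains $inner)
                ShownWhenHidden = $_.BaseName
            }
        }
}

# Review the current user's Downloads folder, double-extension files first.
Find-RiskyFile -Path (Join-Path $env:USERPROFILE 'Downloads') |
    Sort-Object DoubleExtension -Descending |
    Format-Table -AutoSize
```

A file listed with DoubleExtension set to True is one whose real type would be invisible while extensions are hidden, which is the case the tip about showing extensions is meant to catch.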
Update and protect yourself:
It is always advisable to keep the operating systems of your devices, and the programs you use, updated to the latest available version, because developers may have introduced new security measures or fixed problems that existed in previous versions. And, of course, use security suites that can detect and prevent this type of malicious attack.
Disconnect if necessary:
As a last resort, disconnect your computer from the Internet if you detect something strange. If you discover some kind of unknown or potentially fraudulent process on your device, disconnect from the Internet. There is one "but", however: the new versions of ransomware use a predefined key, so this advice may not work.
Do not pay the ransom:
Security experts agree: in no case is it advisable to pay the ransom requested by the attackers. On the one hand, each payment fuels this business and makes it profitable for cybercriminals to keep attacking. On the other hand, nobody can assure you that they will really give you the key to decrypt your files.
Do not give up:
If you have been a victim of ransomware, do not despair: there may be a solution. Find the name of the malware that has infected you; it may be an old ransomware version for which there is some way to recover your files,