Many of you heard it in the news this weekend: there a big cyber-attack roaming through the internet and a lot of hospitals, companies and public services are affected by it.
I had some people asking me: Is it that serious?
Well, it is always difficult to say "yes" or "no" in such case:
"Yes" it is serious and still dangerous
WannaCry is a so-called ransomware. Many of the recent malware are of this kind. You receive a mail with an infected attachment or visit an infected web page – this installs the malware and set it running in the background. WannaCry is even a bit more tricky here: it is able to use a hole in Windows to spread to other computers in the same network. Either directly or trigger remotely after time it starts do encrypt all the data on your computer. When the job is done, a message will show up and tell you that you can have the decryption key for money or more often bitcoins. Sometime they'll send you a key and sometimes not – and you get no warranty that they repeat this data-high jacking… and no warranty if there are not also other things coming: they had probably access to all your data and maybe they use it, although there's no report yet about that.
"No" there's no need for panic.
But you must be careful and take some actions to be safe:
As written above the current malware WannaCry is using a known security hole in Windows operating system. This hole is fixed in Windows 8,7 and 10 but there is no update for Windows XP or older versions. This means if you have a current Windows version and updates are applied you should be safer.
So one important thing is: always keep your computers and mobiles up to date. Do software updates – don't switch them of!
The threat is mainly trying to trick you with an attachment in a mail – and till now it is not even very sophisticated: it's an executable program in a zip file. But this may change links to web pages or downloads can also be risky.
So another hint is to be careful with mail attachment or links: if you don't expect one you should not open it. If you know the sender, ask if this is an attachment or link he/she send to you or not. If you are unsure: don't open it. Ask someone that can help you to analyze whether it's a threat or not.
WannaCry is also trying to infect other computers in the network either by using a security fraud in the operating system or infected files on network shares (like on our M: or NAS folder) – but also here you have a chance to do something to get a better protection
Windows 8 and 10 comes with an integrated firewall and basic virus protection software (Windows Defender). There are several Virus protection Suites on the market each will do it's job – some are easier to manage some not and even the Microsoft Defender and firewall is a protection that dos a proper job. Make sure you have a virus protection and firewall running on your computer.
At XYZ/ORG we are using bitdefender for protection. So far it is doing a good job in most cases. Be sure it is properly installed and ask you IT if you are not sure about.
At the end there is no absolute security (that's life…) – but still: even if your computer got infected and your data is encrypted you do have a chance, as long as you took preventive actions:
Backup you private data and backup your computer. There are various solutions on the market for backing up your computer (e.g. Acronis True Image). All you need is this software and a USB-Disk or better two for backing up your data.
At XYZ/ORG we create backups of the network shares in head office servers and on NAS servers. There's also an existing solution to backup your data stored on your Notebook if you have no network shate available – contact your IT for details on that.
Be aware, keep the software and operating system on your computer/ mobile up to date, have a virus protection running, be sure your data is backed up and you have everything to restore your computer/ mobile.