WannaCry Ransomware Attack Spreads Across More Than 150 Countries
May 2017: A new ransomware variant known as WannaCry made the headlines as a global cyber attack that has affected organizations in over 150 countries. China has reported that around 30,000 institutions have been infected, including universities, hospitals, railways and gas stations. The U.S. delivery company FedEx is also reported to have been affected. According to Microsoft, the attack uses exploits stolen earlier this year from the United States National Security Agency (NSA). Progent encourages clients to follow best practices for protecting themselves against WannaCry and similar ransomware threats.
For immediate help to guard against WannaCry or for post-attack cleanup, contact your Progent account representative or call Progent at 800-993-9400.
Key Facts About WannaCry Ransomware
How Progent Can Help You Guard Against WannaCry and Other Ransomware Attacks
- The WannaCry attack is believed to have started with infected email
- WannaCry uses a worm mechanism that exploits vulnerabilities in unpatched versions of Windows and Windows Server. Once WannaCry has penetrated a computer, it encrypts files and spreads throughout a network.
- WannaCry announces itself on compromised systems via a popup window that asks for money in exchange for a decryption key.
- There is no known way to decrypt the encrypted files without the private key
- There is no guarantee that paying the ransom will decrypt files on an Infected system.
- Reports indicate that a backdoor remains after a ransom has been paid.
- Patches are available from Microsoft for different versions of Windows and Windows Server.
- In case a computer has been infected, you should immediately isolate the system to prevent other devices from being infected.
Progent can help you make sure your Windows systems have up-to-date security patches. Progent can also help you configure your antivrus (AV) systems, URL filters, firewalls and DNS servers to protect against current and future ransomware exploits. Progent offers low-cost security inventory packages that assess your entire computing environment for vulnerabilities. For information about Progent's multi-layer solution to defend against email-borne malware, see Email Guard malware filtering and data leakage protection.
How Progent Can Help You Clean Up After a Ransomware Attack
A Progent consultant can provide cost-effective online support by using remote screen control to go through the initial cleanup process. Steps include isolating all infected computers, manually removing all known components of the attack package, running multiple scans to ensure no trace of the malware remains, and installing the latest security patches from Microsoft. Your Progent account representative can assign a data recovery expert to help you restore files from your most recent clean backup and install appropriate malware defense mechanisms to protect you from future attacks. Progent can also recommend backup/recovery solutions that minimize the impact of successful exploits in the future.
Links to Additional Information About WannaCry Ransomware
These links will help you learn more about WannaCry ransomware:
NBC article about WannaCry attack:
Blockbuster WannaCry Malware Attack Could Just Be Getting Started
BBC article about WannaCry attack:
WannaCry ransomware cyber-attacks slow but fears remain
Fortune article about WannaCry's Successor:
Meet EternalRocks, WannaCry's Scarier Successor
Microsoft Security Bulletin MS17-010:
Security Update for Microsoft Windows SMB Server
Contact Progent for Help Against WannaCry Ransomware
If you have any questions about how Progent can help you protect your network from WannaCry ransomware, contact your Progent account representative or call Progent at 800-993-9400.