This is an ACTIVE EMAIL THREAT – PLEASE FORWARD TO YOUR NETWORK USERS.
On Friday, May 12, 2017, cyber criminals released what has been the most malicious ransomware attack in history. The ransomware named WannaCry has infected over 10,000 organizations in over 150 countries so far. Several European health systems and major manufacturers were forced to shut down by the initial wave on Friday. To compound matters, at least two new strains of WannaCry have been released since Friday as the cyber criminals continue to leverage this latest threat.
WannaCry Ransomware Background
WannaCry starts as an email message that may appear to come from someone you know or from an unknown source. If a malicious link is clicked or an attachment is opened, the ransomware encrypts all documents on the computer and attached drives. What makes this new ransomware unique and so nasty is that it also exploits a Windows vulnerability to spread across connected networks as a worm, infecting other computers. The vulnerability that this worm exploits was brought to light as part of the WikiLeaks dump of NSA documents from April 14 of this year. Once infected, a message will appear that your files are encrypted and a ransom must be paid to get your files back.
What Can I Do to be Safe?
- Warn all email users to be vigilant. Never open unsolicited attachments or click on links in email messages without verifying they are legitimate. If you have questions, pick up the phone and call the sender or seek help from a supervisor or IT support.
- Apply Microsoft Windows updates. It is recommended that you leave your computer turned on overnight so that Windows updates can be applied. When finished working on your computer, restart the computer and allow Windows updates to operate. If Integrity currently provides your business with IT security and support services, we install the updates for you.
- Questions? Integrity clients are welcome to contact the Integrity RemoteFix team at firstname.lastname@example.org.
What Integrity Is Doing For Our Clients…
Since the initial news broke of this unprecedented ransomware attack, we have been verifying patches are applied and ensuring that layers of protection are in place and operating properly. WE ALSO NEED YOU – to be aware of suspicious email messages and to leave systems on overnight so that we may keep them up-to-date.
If You’re Not an Integrity Client…
Businesses that are not currently Integrity clients should take action.
- Ensure antivirus software is operational and up-to-date. Antivirus software vendors have created signature updates that may help to block the malicious code from running. Verify that antivirus is running and that the latest virus signatures are applied.
- Confirm data backups are working and protected from attack. If ransomware infects a system, backups are often the only method of recovery. Backups systems that are always connected to a network may be vulnerable to infection if not properly configured. It is also recommended that backups be frequently tested to ensure they will be available if needed.
- Patch Windows XP and Windows Server 2003. If you have a Windows XP computer or Windows Server 2003 system, Microsoft has prepared emergency patches for these end-of-life operating systems. Run “Windows Update” on XP or Server 2003 systems to ensure the patches are applied.
- Contact Integrity for more information. We can be reached at email@example.com, or call us at (309) 664-8146. Be safe and THINK BEFORE YOU CLICK!