‘WannaCry’ Two – What you need to know and how you can protect yourself
Recent news reports cite that there is a new type of the malware spreading across the world’s computers that is similar to the infections back in May that affected large parts of the NHS.
This malware is again known as ransomware that encrypts the files on a computer and makes them inaccessible to the user until a ‘ransom' is paid.
It would seem that the criminals have used a similar exploit to the Wannacrypt virus at we saw last month.
The good news is that the virus is not expected to spread at the rate that the previous strand did back in May and for PC users, as long as they are running an up-to-date version of Windows they should be safe. If you’re not sure if your software is up-to-date, users should install Microsoft patch MS17-010 as soon as possible to prevent them being vulnerable to this attack.
It is also important to make sure you have backed up your computer, as this will give you the ability to recover from any future ransomware attacks.
Here’s the official advice being shared by the Nation Cyber Security Centre for individuals and small businesses is as follows:
What can I do to protect myself?
There are three main things you should do to protect yourself
1. Update Windows
WannaCry only affects computers running Microsoft Windows operating systems that don't have the latest security patches installed. If you are using a recent version of Windows (Windows 7, Windows 8, Windows 8.1 or Windows 10) and have automatic updates turned on, you should already be protected automatically against WannaCry.
To update your version of Windows:
• If you are using a currently supported version (Windows 7, Windows 8, Windows 8.1 or Windows 10), run Windows Update and apply any updates.
• If you are using Windows XP, Windows Vista or older versions of Windows, download the WannaCry security update from here and install it.
Note: We strongly recommend that you do not continue to use unsupported operating systems, but instead upgrade to one which receives regular security updates from the vendor.
2. Run antivirus
• Make sure your antivirus product is turned on and up to date. Windows has a built in malware protection tool (Microsoft Defender) which is suitable for this purpose.
• Run a full scan to make sure your computer is currently free of all known malware.
3. Keep a safe backup of your important files
• Regularly create a backup copy of your important files (such as photos, documents, and other files that can't be replaced). If you have backups of files that you can recover, you can't be blackmailed.
• Make sure that this copy is kept separate from your computer. If it's on a USB stick, or a hard drive, or on any type of removable media, do not leave it connected (or anywhere on your network) or it may also be attacked by ransomware.
• You should consider using cloud services to back up your files. Many cloud service providers (for example, email providers) offer an amount of cloud storage space for free.
What to do if you have been infected with ransomware
The National Crime Agency (NCA) encourages anyone who thinks they may have been subject to online fraud to contact Action Fraud at www.actionfraud.police.uk.
If a small business has been a victim of ransomware and are worried about the infection spreading to other parts of your network, these steps may help guide your actions:
• Immediately disconnect you computer, laptop or tablet from network. Turn off your Wi-Fi.
• Safely format or replace your disk drives.
• Whilst you're still disconnected from your network, directly connect this computer to the Internet.
• Install and update the operating system and all other software.
• Install, update, and run antivirus software.
• Reconnect to your network.
• Monitor network traffic and/or run antivirus scans to identify if any infection remains.
Files encrypted by the WannaCry attack have no way of being decrypted by anyone other than the attacker. Don't waste your time or money on services that are promising to do it.
Should I pay the ransom?
The NCA encourages industry and the public not to pay the ransom. If you do:
• There is no guarantee that you will get access to your data.
• Your computer will still be infected unless you complete extensive clean-up activities.
• You will be paying criminal groups.