Over the last 48 hours a new strain of Ransomware is attacking computers across the world, it has been most successful in Russia and the UK and experts expect that on Monday a new wave of attacks will hit the UK.
The payload is triggered from an email attachment or from an infected website that you are directed to from social media or again from an email. What makes this Virus so powerful is that is uses a exploit on a un-patched windows machine to spread to every other computer on your network that has not been patched.
Microsoft has been aware of the exploit since March and as such released a hotfix to close the vulnerability, however computers that have not enabled automatic updates will still be vulnerable and will spread the Virus to any other computer on your network that has not been patched.
What to do if your machine is infected
The most important thing to do is turn of any infected computers right away .
We would also suggest turning of all other computers on the network at this time and calling your IT support ASAP. if it can be caught at this point your recovery will be a lot easier. The sooner your IT knows the better it will be. Do not email, call them. if you have no IT support then make sure you have good backups.
To remove the virus from your machine yourself take a look here
What can you do to protect yourself
We have written up a list of things you can do to protect yourself and check if you have the required patch installed
If your computer is part of a Business network then the only way you will be infected is if you open up an email containing the Virus payload, or by following a link to an infected site. For the next few week we suggest all users become suspicious of all attachments and links from 3rd parties or from organisations you are not expecting emails from. You can always check with your IT Support anything you are unsure on.
Speak with your IT Support and ask them to confirm that the update has been installed, if your server is managed by RG computers then this has already been done.
by default Windows 10 has automatic updates enabled and so you should already have the patch installed . but if you want to check
- click the start button and type windows updates
- click on windows update setting
- it should say:
If your updates are not working, then speak with your IT Support to look into this.
- Click Start, click All Programs, and then click Windows Update.
- In the left pane, click Change Settings.
- If the Important updates setting is set to Never check for updates (not recommended), Windows Update is turned off. To automatically download and install important updates, click Install updates automatically (recommended).
- Under Recommended Updates, click Give me recommended updates the same way I receive important updates, and then click OK.
Other things to check
- Update your Antivirus software definitions. Most AV vendors have now added detection capability to block WannaCry.
- If you don’t have anti-virus software enabled on your Windows machine, we recommend you enable Windows Defender which is free.
- Backup regularly and make sure you have offline backups. That way, if you are infected with ransomware, it can’t encrypt your backups.
- For further reading, Microsoft has released customer guidance for the WannaCry attacks and Troy Hunt has done an excellent detailed writeup on the WannaCry ransomware
The second wave of attacks appears to have just started within the past few hours. This is going to be a rough week for Windows users. We recommend you speak to all your friend and work collages to check the above.