Menu
WannaCry ransomware: When your files are held to ransom

WannaCry ransomware: When your files are held to ransom

Symantec shares best practices for protecting against ransomware.

Ransom demand screen displayed by WannaCry Trojan (Image - Symantec Security Response)

Ransom demand screen displayed by WannaCry Trojan (Image - Symantec Security Response)

Over the weekend a new variant of the Ransom.CryptXXX family (Detected as Ransom.Wannacry) of ransomware began spreading widely impacting a large number of organisations.

It has been described as the largest ever ransomware attack in the world.

According to Symantec, WannaCry encrypts data files and ask users to pay a US$300 ransom in bitcoins. The ransom note indicates that the payment amount will be doubled after three days. If payment is not made after seven days, the encrypted files will be deleted.

WannaCry has the ability to spread itself within corporate networks, without user interaction, by exploiting a known vulnerability in Microsoft Windows, says Symantec. Computers which do not have the latest Windows security updates applied are at risk of infection.

Symantec does not recommend paying the ransom. Encrypted files should be restored from back-ups where possible, it states.

In a blog post, Symantec shares the following best practices for protecting against ransomware:

  • New ransomware variants appear on a regular basis. Always keep your security software up to date to protect yourself against them.
  • Keep your operating system and other software updated. Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers.
  • Email is one of the main infection methods. Be wary of unexpected emails especially if they contain links and/or attachments.
  • Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
  • Backing up important data is the single most effective way of combating ransomware infection. Attackers have leverage over their victims by encrypting valuable files and leaving them inaccessible. If the victim has backup copies, they can restore their files once the infection has been cleaned up. However organisations should ensure that backups are appropriately protected or stored off-line so that attackers can’t delete them.
  • Using cloud services could help mitigate ransomware infection, since many retain previous versions of files, allowing you to ‘roll back’ to the unencrypted form.

Follow CIO New Zealand on Twitter:@cio_nz

Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags symantecBitcoinWannaCry

More about MicrosoftSymantecTwitter

Show Comments