By Jeandre Sutil, Security Engineer, Covata
15 May 2017
There has been lots of media coverage regarding the malicious release of WannaCry ransomware which has been wreaking damage worldwide. This post aims to provide some guidance on how to avoid being infected.
In summary, the initial form of dissemination of WannaCry happens through email scams. Attackers craft emails containing malicious attachments or links which aim to trigger the malware execution. Once WannaCry is run, it not only encrypts all the files on the user’s machine, but also tries to leverage a vulnerability in Windows OS to spread to other machines. Additionally, it ‘mutates’ by changing its own code to avoid detection by anti-virus and spam filters.
How to avoid being infected by WannaCry
The exploited vulnerability was patched by Microsoft in March 2017; however, it is very important to make sure systems and devices have been updated with the patch.
Be mindful of strange emails you might receive with links and attachments in general, especially those you may have received post-attack offering protection against the threat.
How to protect yourself
Data-level security solutions, such as Covata’s Safe Share, protect files, data and sensitive information, and therefore your organisation, from attacks such as these. It is important to check that version control functionality is included as this means your valuable files are stored in or synced with the solution.
Following an attack, you can then restore your system, apply the patch and recover the last version of your files via the solution.
How the malware operates: https://www.redsocks.eu/news/ransomware-wannacry/
For geeks: https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168
Free 30-day trial
For a no-obligation free trial of Safe Share, email email@example.com
May 15, 2017