Simple steps to tiptoe around WannaCry ransomware nightmare

16 May 2017

Tiptoe. Image: By doodko/Shutterstock

As the biggest ransomware attack in history rumbles on, are you suitably protecting yourself from getting hit? These steps should help.

WannaCry, WCrypt, WanaCryptor, WannaCrypt0r 2.0. These are all names for the world’s largest ever ransomware development, in which 150 countries hosted more than 200,000 attacks.

Since it emerged last Friday (12 May) and ripped through Russia, south-east Asia and most of Europe, major bodies such as the NHS, Renault, Telefónica and MegaFon have been battling to stay up and running.

Security companies profit

The stock market has reacted, causing shares to surge in security technology firms, and it is believed that the attack will lead to more sales of security products.

This is obvious, given that WannaCry is nothing new, thematically. The basics remain true when it comes to defence mechanisms and cybersecurity companies that are selling such protective products.

This is especially important given Europol’s prescient 2016 fears that this year would see such attacks surge. But what can you do, as a simple consumer, to protect yourself against such a powerful ransomware attack?

Eset Ireland provided several tactics, advising users to update Windows software first, this being the single biggest commonality among those hit by WannaCry. For more detailed information about the Windows vulnerability and how to resolve it, see Microsoft Security Bulletin MS17-010 – Critical.

Who sent the email?

Basic tips such as a standard reluctance to open attachments in emails from strangers (though a well-trodden path) are suggested, as well as targeted warnings among organisations.

For example, HR and finance departments would be the areas seeing the most incoming email traffic from unknown or relatively unknown sources. Attachments would be commonplace in this field, so due care is perhaps more important here than anywhere else.

Also, backing up data is a must. The way ransomware works is that it encrypts files on computers, often rendering them impossible to recover without paying the attackers.

But, if everything is backed up, the encrypted files are not as valuable to the attackers.

“In the event of infection, this will help you recover all data,” said Urban Schrott, IT security and cybercrime analyst with Eset Ireland.

“Do not leave external storage used for backups connected to your computer to eliminate the risk of infecting your backups. If your system requires Windows Updates to receive the patch for this exploit, create new backups after applying the patch.”

Think security first

Rory Byrne, CEO and co-founder of Security First, and security analyst Amin Sabeti recently wrote of the attack for Advocacy Assembly, echoing this sentiment. They went one step further and recommended encrypted backups, again disconnected from the internet.

Claiming that WannaCry is something that experts have been warning about for years, the duo lamented how easy it is to attack operating systems such as Windows XP, which is no longer fully supported by Microsoft.

“We need to keep in mind that this attack was not a sophisticated attack, and people could and would protect themselves by keeping their OS up to date. Even without having an antivirus,” they said.

However, one warning for this particular malware seems novel: the success of WannaCry was such that the attackers may not have the resources to process all the payments made by victims, with no other avenue of reproach.

“As such, there is a high chance that if you do pay the ransom, you may not receive the key or that it may take longer than normal to be able to decrypt your files.”

Elsewhere, Schrott advises the disabling of Remote Desktop Protocol access, while also disabling macros in Microsoft Office.

Gordon Hunt was a journalist with Silicon Republic

editorial@siliconrepublic.com