According to most accounts, Friday’s massive cyberattack hit as many as 200,000 victims in at least 150 countries and that number could grow today, as people return to work. Cybersecurity experts in Europe, say the spread of the ransomware virus — named WannaCry – which denied users access to their computers in hospitals, manufacturing facilities, retail locations, and schools, has been slowed down, but it has not been stopped.

The quick spread of the WannaCry ransomware across the globe, is yet another reminder of how crucial it is to keep computers properly patched. While most likely it is too late for those already impacted, companies and individuals should verify immediately that their Windows computers are patched accordingly (Microsoft Patch MS17-010, published on March 14th, 2017). On an ongoing basis, companies should maintain a sound patching process to include:

  • Centralizing your patching process using policies and a patch management system
  • Maintaining an up-to-date inventory of all your computer assets
  • Using a system to constantly compare reported vulnerabilities against your inventory
  • Quarantining unpatched machines from your network, whenever possible

In some cases, when patching is not possible, specific compensating controls need to be carefully applied to mitigate the risks associated with the vulnerability.

What Is Ransomware?

Ransomware is a very specific type of malware. Imagine this. You or an employee of your organization attempts to open up an important file, such as a quarterly sales report, or profit/loss statement. Instead of the file opening as usual, a message pops up on the screen that says, “The file you are trying to open, has been corrupted, and your computer compromised. In order to open the file and clean your computer you must pay $500.00 for new software.”

That is what it is like to be the victim of “ransomware.” In these kinds of ransomware attacks, a malicious program or virus has infiltrated your system, and the very hackers that put it there, are now charging you a “ransom,” to remove it.

With the WannaCry infection, as in most cases of ransomware, never pay the ransom. It may be tempting, to pay what may seem like an incidental amount to get your files back, (WannaCry is asking for about $300.00), but understand, these are criminals, and it is unlikely that what they have created, will actually restore your files once you pay the ransom.

If you have been hit, most likely any files that have not been backed up, have been lost forever.

It is possible to remove the WannaCry virus from your computer once it is there – although the process can be quite complicated.

To learn more strategies on how to be better protected against Ransomware attacks, contact Christian Kutscherauer (ckutscherauer@mbafcpa.com)