
WannaCry Ransomware Hits Thousands of Computers Across the Globe

Norton Symantec Rep

Two weeks ago, media reports emerged of a ransomware variant known as “WannaCry” infecting Windows computers; it was spotted in over 70 countries.

 

What is Ransomware?
A form of malware, ransomware ruthlessly holds a computer’s data for ransom via encryption. If the user doesn’t pay the cybercriminal a certain amount of money within a certain amount of time, their data will be lost forever.

 

How to prevent infection?

 

  1. Keep your security software up to date. TELUS Internet includes Norton Security at no additional charge. (Norton download required)
  2. Keep your operating system and other software updated. Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers.
  3. Email is one of the main infection methods. Be wary of unexpected emails, especially if they contain links and/or attachments.
  4. Backing up important data is the single most effective way of combating ransomware infection. Attackers have leverage over their victims by encrypting valuable files and leaving them inaccessible. If the victim has backup copies, they can restore their files once the infection has been cleaned up. Ensure that backups are appropriately protected or stored offline so that attackers can’t delete them.

What to do if you’re infected?

 

  1. Don’t pay the ransom. This is difficult, but authorities recommend that you not pay the ransom. There is no guarantee that the cybercriminals will actually release your data (many times they don’t) and they will mark you as a potential future victim who will pay.
  2. Neutralize the threat & clean your system. You can use Norton Power Eraser (free removal tool) to neutralize the threat. To clean your system, you may need to get professional help to restore your system to its original state.
  3. Update patches. Apply ALL available patches to your systems (especially Microsoft) so they’re protected from the latest threats.
  4. Avoid re-infection and install security software. TELUS Internet includes Norton Security at no additional charge. (Norton download required)
Comments
Community Power User

Purchase or update to newer versions of your operating system. WannaCry attacked Windows XP, which has not received patches and updates since it was put to pasture a few years ago. Running legacy software has continuing risks to the user. 

Mango
Connector

According to Kaspersky Labs, Windows 7 users were most likely to get hit by the worm.  I don't know why some sources say Windows XP was vulnerable and some say it was not.

 

This article leaves out arguably the best way to protect yourself from ALL network-based attacks: use a firewall.  If you have a router, such as one of the ones TELUS provides, it contains a firewall.  You also need to make sure not to use DMZ or port forwarding (if you don't know what that is, that's fine - it needs to be specifically enabled).  If you frequently connect untrusted equipment to your network, you can also use a software firewall.

 

I don't use automatic updates because at least in my case they cause more problems than they solve, but because of my firewall I was not affected by the attack.

Norton Symantec Rep
  • Windows 7 was most hit since it was most likely to be not patched (for various reasons)
  • The XP comments could be due to the fact that it is not supported by MS any longer, and may not have had a patch developed for it.  And also not included in stats since it is not supported.
  • Telus router would not have prevented PCs from becoming infected if one PC on the local network is infected by another method (download or USB drive)
    • Note, if all PCs on the network were properly patched, none would become infected over the network.  They could still be infected by direct download.
  • The article above is indicating that propagation was through publicly exposed SMB ports.  A firewall configured to block SMB traffic could have stopped it ONLY if that is the Telus default configuration.  However, it would not have stopped the earlier versions which did use this vulnerability.  

 

In Conclusion:

  • Customers who do not follow standard best security practices to patch known vulnerabilities probably are not properly configuring a firewall.  And depending on default configurations of any product is not a successful security strategy.  Additionally, earlier versions of this threat and millions of others would not have been stopped by a firewall, properly or improperly configured.

 

  • Layered security is absolutely essential.  No single technology should be depended on to protect from today’s threats.  And of course, systems must be kept up to date with security patches.