Over the weekend, businesses, institutions, and individuals in 12+ countries have fallen victim to a ransomware program known as “WannaCrypt”, or a variant thereof. For those unaware, WannaCry is a fast-spreading form of malware that remotely targets nearby computers running unpatched or unsupported versions of Windows.
Once infected, computers with this malware begin encrypting all the user files they can find on the network, displaying a red ransom note (below) demanding $300 for a decryption key, with the cost increasing as time goes on.
From a technical perspective, the malware spreads via SMB – that is, the Server Message Block protocol – typically used by Windows machines to communicate with file systems over a network.
Microsoft released a fix for the exploits (MS17-010, issued as part of its March “Patch Tuesday” release), but unpatched Windows systems remain vulnerable. If you are certain your PCs were updated after March 28th, you should be safe – if you’re unsure and would like to schedule an assessment, please contact us today!
Euclid Networks’ Partner Update
For current partners of Euclid Networks, our proactive monitoring and maintenance software ensures all computers on service plans have critical Microsoft patches regularly reviewed, whitelisted by our partner NOC, and deployed to our clients’ machines. We strongly believe in a proactive approach to IT support, and ensuring software is up to date on business systems is our top priority.
Due to the seriousness of this particular outbreak, we are also manually reviewing our partners’ machines to ensure Microsoft security bulletin MS17-010 has been implemented across the board.
Additionally, our antivirus partner, Webroot, has announced they have deployed preventative measures for this ransomware – and our partners using Dell SonicWall firewalls with Comprehensive Gateway Security Suite licenses should rest assured they have another layer of protection, with SonicWall having discovered this malware and its variants as of mid-April.
Your Mitigation Strategies for Ransomware: Backup
In today’s technology environment, having good preventative measures is only the first step toward a comprehensive disaster plan.
Ideally, you want to have a 3-2-1 backup strategy in place. This means having at least 3 total copies of your data, 2 of which are local but on different physical devices (such as external storage drives) and 1 of which is offsite – preferably cloud-based, with versioning capabilities.
If you don’t have a backup strategy in place, or want to re-evaluate your current plan, please contact Euclid Networks for a consultation!
If you’re unsure of how to assess your current needs, just consider your ability to recover from the following scenarios:
- All your files become corrupted (or encrypted), and the damage is replicated to your backup devices before anyone realizes.
- You have a backup on one machine or server that is protected, but other devices can communicate with that machine; consider how they might be affected by the spread of malware.
- All your physical devices are stolen, or your home or business is subject to fire or flood.
Resilience against all of the above scenarios is not difficult, but it takes careful planning and continual reassessment of your technology environment!
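As an added example (not Euclid Networks' tooling), the 3-2-1 rule and the three recovery scenarios above can be written as checks over a backup inventory. The `Copy` fields, the check names, and both sample inventories are constructed for illustration, and the sketch assumes the production data counts as one of the three copies.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    device: str      # physical device holding the copy
    offsite: bool    # kept away from the primary site
    versioned: bool  # earlier file versions can be restored
    reachable: bool  # writable from production machines over the network

def assess(copies):
    """Map each 3-2-1 requirement and recovery scenario to True/False."""
    local_devices = {c.device for c in copies if not c.offsite}
    offsite = [c for c in copies if c.offsite]
    return {
        "3_total_copies": len(copies) >= 3,
        "2_local_devices": len(local_devices) >= 2,
        "1_offsite_copy": bool(offsite),
        # Scenario 1: encrypted files replicate to the backups before anyone
        # notices, so at least one copy must keep older versions to roll back to.
        "replicated_encryption": any(c.versioned for c in copies),
        # Scenario 2: malware spreads to every device the infected machine can
        # write to, so at least one copy must not be writable from production.
        "network_spread": any(not c.reachable for c in copies),
        # Scenario 3: theft, fire or flood takes every device at the site.
        "site_loss": bool(offsite),
    }

def gaps(copies):
    """Names of the checks this inventory fails."""
    return [name for name, ok in assess(copies).items() if not ok]

# Constructed inventory: production data, a synced NAS share, an attached USB drive.
WEAK = [
    Copy("workstation", "pc-01", offsite=False, versioned=False, reachable=True),
    Copy("nas-sync", "nas-01", offsite=False, versioned=False, reachable=True),
    Copy("usb-drive", "usb-01", offsite=False, versioned=False, reachable=True),
]
# Same inventory with the USB drive replaced by a versioned cloud backup
# (assumed not mounted as a writable share on production machines).
FIXED = WEAK[:2] + [Copy("cloud", "provider", offsite=True, versioned=True, reachable=False)]

if __name__ == "__main__":
    print("weak :", gaps(WEAK))
    print("fixed:", gaps(FIXED))
```

The first inventory has three copies on three devices yet fails four checks, which is why counting copies alone is not an assessment.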