All About WannaCry Ransomware

This is an urgent message going out to all our clients. You have by now heard in the news about the “WannaCry Ransomware Attack.”  I haven’t heard this much publicity about malware since “CryptoLocker” in 2013.

What is WannaCry Ransomware:

 

First and foremost – what is this “WannaCry”?

It’s bad… Real bad. You get it; you’re toast. It will encrypt and make your hard drive and data, files, pictures, work, QuickBooks, etc. useless; with no option to recover.

How does it work? WannaCry ransomware exploits a Windows Vulnerability. The conspiracy is that the Government has known about this vulnerability and never informed Microsoft. It’s also suggested that the NSA wrote the code. They used this as a “backdoor.” Microsoft last night released a Blog post titled “The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack.”  

“Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cyber security threats in the world today – nation-state action and organized criminal action.” – Click here for more info: https://goo.gl/hki6M2

I’m confident that within the last 72 hours there are thousands of articles, posts and more on this “conspiracy.” For now, I want to focus on how this affects you and what we are doing to help.

How we are helping:

 

Managed Firewall Services:

First, if you are an active SOS|Support client with a Managed Service Firewall such as a SonicWALL that we manage – then you are protected with the first line of defenses.  This is all clients with an “All-inclusive” support and most clients with our “Hybrid” support.

“SonicWALL Capture Labs identified this attack in mid-April and has rolled out protection for SonicWALL firewall customers well in advance of this latest attack” This protection has been active since April 20th, 2017.

SOS Guardian: 

Tonight we will be pushing a deployment out with a Force Reboot at 6:00PM MSTThis will NOT affect Windows 10 computers, as they are already patched. Friday night Microsoft released a patch that patches this Windows vulnerability. However, unless you have either automatically/manually applied this patch and rebooted then you are not protected.

Please note there is ALWAYS concerns about doing quick Windows updates. In this case, we have warranted the possible small chance of the update causing a negative reaction is far outweighed by the risk of obtaining this malware. It is essential that we protect you on all fronts: Firewall, Windows Updates and Antivirus … (See below)

For this reason we will be deploying through SOS Guardian a force update tonight at 6:00.

Managed Antivirus (Webroot)

For our clients that we have setup with Managed Antivirus through Webroot, you are additionally protected.

“Webroot does currently protect you from WannaCry ransomware. In simple terms, although this ransomware is currently causing havoc across the globe, the ransomware itself is similar to what we have seen before. It’s the advanced delivery mechanism that has unfortunately caught many organizations off guard.”

What’s next:

 

We have a 3 prong approach to protecting your business.

  1. SonicWALL Managed Services
  2. Deploying a force update for systems that MAY be affected
  3. Our Managed Antivirus was ahead of the game

With all this said, there are still things we need to be aware of. Please reboot when Windows prompts you for updates (on a regular basis) so your updates can get applied.

Your SonicWALL was implemented and designed based on your company size and needs/requirements and budget. The latest SonicWALL Advanced Edition is a bit more costly but includes features such as “Zero-day protection” and “Sandbox protection: protecting your network from malware before it actually exists”… This next generation of Firewall’s will be the next phase of Firewall implementations over the next few years.

Regardless; your SonicWALL if managed by SOS Support is protecting you from the WannaCry ransomware and has been long before the ransomware was identified.

Conclusion:

It is disappointing to see all the businesses getting hit with this malware. An unwillingness to invest in proper I.T. support services which include Pro-Active support and Firewall Services… The squeaky wheel gets the grease. Up until now, the “I.T. security” hasn’t been squeaking..

Now that it has our attention, take some time to realize what could happen if your system is infected/encrypted and wiped permanently. 

As always don’t hesitate to contact us if you have any questions, concerns or needs! We are always happy and here to help!