As you may have heard, in last few days a massive cyber-attack has infected machines around the world. The attack, called “WannaCry”, locks users out of their own systems and demands a ransom payment to release files. WannaCry has so far has impacted over 120 countries (and counting) and a large number of computers.

 

In this heightened situation, we request you to stay vigilant while using your computers. While dealing with any emails from any unknown email address, do not click any link or open any unknown attachments.

 

We strongly recommend and request that you follow the best practices outlined below in all area’s of the business;

 

  • Do not open attachments in unsolicited e-mails, even if they come from people in your contact list.
  • Do not click on any URLs contained in an unsolicited e-mail.
  • Report any suspicious emails or attachments to your IT Team.
  • Follow your company’s Computer Usage policy.
  • Do not download software, videos, MP3s, etc.
  • Check that your antivirus is updated and running in any machine you are using, if in doubt contact your IT team/company.
  • Backup your critical data and important files periodically.

 

If you believe your computer has been infected, immediately disconnect your machine from the network and contact your IT team/support company without delay. Do not try to restore any data on your own.

 

What will happen if I think my PC or network are infected?

 

Stage 1

 

  • Arrives via phishing email (pdf) and spreads like a worm using covert channels and exploiting the Windows

 

Stage 2INFECTION PROCESS

 

  • Payload delivered via exploit running as a service
  • It performs encryption on your PC/Network in the background
  • Uses TOR to stay anonymous – this means the Malware remains invisible

 

Stage 3 – RANSOM DEMAND

 

  • Drops ransom notes in 25+ languages
  • Encrypts shared and local files (176 types of files) INFECTION PROCESS
  • You will see an image as below which will be displayed on your screen and cannot be removed.

 

 

The Ransom note demands $300 to be paid within 3 days or $600 within 6 days – failure to do so provides a very real threat of losing important files.

 

Stage 4 – RECOVERY

 

  • Disconnect your machine from the network – IMMEDIATELY
  • Work with your IT team or support company who will invoke the necessary actions regarding the ransom demand and infection.

 

Please note with this type of attack there is no guarantee of recovery of your files, therefore prevention and protection of your PC and Network extremely important.  To reiterate, please take the following steps;

 

  • Do not open attachments in unsolicited e-mails, even if they come from people in your contact list.
  • Do not click on any URLs contained in an unsolicited e-mail.
  • Report any suspicious emails or attachments to your IT Team.
  • Follow your company’s Computer Usage policy at all times.
  • Do not download software, videos, MP3s, etc.
  • Check that your antivirus is updated and running in any machine you are using, if in doubt contact your IT team/company.
  • Backup your critical data and important files periodically.

 

By following these steps, this will help protect your PC and your network, please be vigilant at all times. If you wish to discuss how Kube can help protect your network, please contact us now on 0344 873 4488 or alternatively servicedelivery@kubenet.net.