You may have seen reports of the widespread cyber attack known as WannaCry (also WannaCrypt, Wcry) impacting major organisations across the world.
This is a ransomware attack in which malware encrypts, or effectively scrambles, a computer’s hard drive such that the data stored on it can no longer be read. Perpetrators claim the process will be reversed on payment of a ransom.
WannaCry appears to spread over networks, rather than requiring users to be tricked into clicking malicious phishing links. This means it instead relies on organisations not having applied existing Microsoft security patches.
Quick action by security researchers has provided a reprieve from the initial attack. However, a second wave of infections has been reported so organisations that have not moved to shore-up their security are still at high risk.
Details are still emerging about this attack and the situation is developing. However, some facts are known and Telstra wishes to offer some general information which may help internet users and businesses avoid infection and minimise damage if they are impacted.
All users running Windows systems:
- If your computer is infected with WannaCry, you should immediately disconnect your computer from networks including Ethernet (a plugged-in cable) and WiFi. This will help stop the malware from spreading.
- Ensure your computer has installed the latest Microsoft security updates and is running reputable updated antivirus software.
- Make regular backups of important data you cannot afford to lose.
- If your computer is running Windows XP, install Microsoft’s emergency security update. Consider upgrading to a modern and supported version of Windows such as Windows 10 as soon as possible.
Businesses running Windows systems:
- Immediately move to apply Microsoft patch MS17-010.
- Any publically-accessible SMB service should have inbound traffic on ports 139 and 445 immediately blocked.
- Contact the Federal Government’s CERT Australia on 1300 172 499 and report the incident to the Australian Cybercrime Online Reporting Network (ACORN).
Consider implementing phishing awareness training within your organisation. While WannaCry appears to spread without input from victims, copycat attacks in coming weeks are possible and could be delivered over phishing.