WannaCry Ransomware Info and Links to Microsoft Patches

RUN ALL AVAILABLE UPDATES FROM MICROSOFT NOW!!

Even though the present site the bad guys were using for WannaCry ransomware has been shut down, the Windows vulnerability they chose to exploit still exists until all users run the Microsoft patch. If you don’t, you could be the next victim of a group trolling for users who decided to “sleep on it”, thinking the threat is gone. Ransomware continues to be front page news, as WannaCry shut down a Honda plant in Japan (June 22nd) and a South Korean web hosting company just made the largest ransomware payout in history, 1 million dollars (June 20th). Though WannaCry (also known as WannaCrypt) was designed to exploit weaknesses in Windows 7 and previous versions (XP etc.), ransomware has been, and continues to be, an ongoing threat for all users. Why haven’t the offenders been caught? There is now very sophisticated software that hides the bad guys. The good guys catch up and the bad guys find a way around it. Malware can be downloaded to a computer and remain dormant for months till a host’s action triggers it. It can even affect the physical architecture of a computer.

The safest solution: back up, run a pop-up blocker and a security suite, and run all the Windows updates listed below.

Graph of Ransomware attacks courtesy of Microsoft

You can download the patch for WannaCry here for Windows 10, 7 and XP, or simply run all available Windows Updates. If you want to choose when these updates will run (when you are asleep or at work), click here for directions for Windows 10. Windows 7 users should go to Control Panel, then Windows Updates, and then Settings.

Setting Windows to update when you are asleep

Microsoft’s support in creating patches for Windows XP and earlier operating systems that are not currently supported was unprecedented, as those Windows operating systems are usually ignored when new updates are issued. Though many users are still in love with Windows 7, WannaCry has demonstrated the cost of not upgrading to Windows 10. Make sure you have upgraded to the most recent version of Windows to avoid any conflicts with third-party antivirus software.

Windows 10 security against ransomware courtesy Microsoft

The new Windows Creators Update, when and if you decide to get it, provides much improved built-in Windows Defender security and a more secure and feature-filled Microsoft Edge browser. In addition, instead of running updates that were cumulative and took a while to download and run, Microsoft will be sending more frequent and smaller updates that are easier for your PC to digest. One of the biggest features is called container-based isolation, which literally isolates malware within a browser and prevents it from taking control of any other system on your computer. This is a newer version of “sandboxing” technology, because some malware was found to wait out the sandbox isolation and then do its mischief when a predictable user (us) or computer event occurs. This fall, things will improve even more with the new “Redstone” update (the 2nd Creators Update) from Microsoft, which features the Windows Defender Application Guard.

How to use all the newest features in The Creators Update to protect your computer

Let me be clear: the Creators Update is not perfect yet, but what update is? So before you update, always back up your computer. Check out PC Mag’s review of the best backup software here. Backing up is the only sure remedy for ransomware; that and safe browsing techniques. The sites where you get things for free usually have a bonus of dropping unwanted malware on your site. Regardless of the security solution, we are the weakest link. If you are not sure about the safety of a site, insert the URL into Google’s Safe Browsing search window and check out their Malware dashboard.

Though the money to move to a new OS like Windows 7 or Windows 10 (a free upgrade for most) is not at issue in the United States, the money to own a legitimate copy of the software is often not available in some countries, as a Ukrainian student at my work pointed out. Without the newer version or legitimate copies of the software, getting timely updates may not be possible. This explains why WannaCry hit some countries harder than others. Pirated versions of Windows may be cheap, but WannaCry made many pay dearly. With the right software you can build a Windows operating system, but upgrading and updating patches is another issue altogether.

WannaCry (i.e. ransomware) is a worm that spreads by constantly scanning from infected computers till it finds one with a vulnerability it can exploit (which they all had before this patch) and infecting it. It is the result of a release by Shadow Brokers of hacking tools from the NSA that exploited vulnerabilities that Microsoft was unaware of, which is why Microsoft pulled out all stops to shut it down. They created the patch back in mid-March 2017, but not everybody ran it. Would it have been nice if the NSA told Microsoft about these? Hmmmm… Yes, I think so. But then the backdoors might have been closed. For further study, here are types of ransomware and the most exhaustive and exhausting article about the subject.
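The constant scanning described above is also what gives an infected machine away on a network: one computer suddenly contacts many different addresses in a short time. The following is an added example, not part of the original post, that flags such machines in a connection log; the log format, the addresses, the thresholds and the choice of TCP port 445 (Windows file sharing, SMB) are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def constructed_sample():
    """Constructed log lines in the form 'time source destination port'.
    10.0.0.5 sweeps 40 addresses in 40 seconds; 10.0.0.9 keeps using one file server."""
    start = datetime(2017, 5, 12, 9, 0, 0)
    lines = ["not-a-time 10.0.0.7 10.0.0.20 445", "truncated line"]  # damaged entries
    for i in range(40):
        stamp = (start + timedelta(seconds=i)).isoformat()
        lines.append(f"{stamp} 10.0.0.5 10.0.1.{i + 1} 445")
        lines.append(f"{stamp} 10.0.0.9 10.0.0.20 445")
    return lines


def find_scanners(lines, port=445, window=timedelta(seconds=60), threshold=25):
    """Return {source: peak count of distinct destinations contacted on `port`
    within `window`} for every source whose peak reaches `threshold`.
    Lines are assumed to be in time order; unparsable lines are skipped."""
    recent = defaultdict(deque)  # source -> (time, destination) pairs still in the window
    peak = defaultdict(int)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            when, dest_port = datetime.fromisoformat(parts[0]), int(parts[3])
        except ValueError:
            continue
        if dest_port != port:
            continue
        source, dest = parts[1], parts[2]
        seen = recent[source]
        seen.append((when, dest))
        while when - seen[0][0] > window:  # drop contacts older than the window
            seen.popleft()
        peak[source] = max(peak[source], len({d for _, d in seen}))
    return {s: n for s, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    for source, count in find_scanners(constructed_sample()).items():
        print(f"{source} contacted {count} different machines within a minute: isolate and check it")
```

A machine that keeps talking to the same file server stays under the threshold, so only the sweeping host is reported.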

If you get hit with a virus or malware, DO NOT SHUT YOUR COMPUTER DOWN (malware may shut your computer down for you)! These intrusions often target memory, and shutting down reduces the options to locate and remove the malware. Disconnect from the internet and run a tool like Malwarebytes, Bitdefender or Kaspersky. If you are short of funds, run the free Sophos Home, which is great against ransomware. Check out reviews for malware protection and removal here. The WannaCry ransomware attack used military-strength encryption, but if you want to take a shot at un-encrypting data for other ransomware you could try a program from this list. If that fails you, and if you have an earlier version of Windows, restore with Safe Mode with Command Prompt or restore to factory settings. For later builds it’s easier to restore from a backup you made, or just to keep current with updates from Microsoft. The options for a safe restore are much easier with the Creators Update.

If you become a victim of a ransomware attack, DON’T PAY, because chances are extremely slim that you’ll get your files back. And if you pay, you’ll encourage these beasts to feed on others. DO NOT SEARCH THE INTERNET FOR LINKS THAT SAY THEY WILL HELP YOU RECOVER THESE FILES. I’m sorry this happened to you, but if they (online sites) say they can, they are likely lying, and will probably infect you with something else. Data recovery is expensive and usually needs to be done in a brick and mortar store, if it can be done at all.

So why did big companies and hospitals get hacked? Because big organizations schedule updates so as not to interfere with day-to-day operations, once a week, sometimes less. Some don’t even have a networked option. In addition, these updates usually come in scheduled releases, not all at once, except for emergencies like the one we have now. Some didn’t know they needed the patch, like movie editors who work on Avid ISIS or Nexis shares (info on the patch for Avid here).

The latest evidence from British Intelligence was that the WannaCry attack was instigated from North Korea (the government behind the Sony attack). Though everybody read about Britain’s National Health Service being victimized, few understood the personal toll the attack took. (Hospitals in the US also fell victim.) With lives on the line, they paid the ransom with mixed results. Fortunately, a 22-year-old UK genius whose handle is MalwareTech shut down the operation, which hit scores of National Health Service hospitals across Britain. He did this by simply registering the site the criminals were using. Possibly the malware was developed with a flaw (thank god): if it was able to connect to the address that MalwareTech registered, it would not encrypt the data on the target machine.

Many large concerns also use Virtual Network Computing (VNC) to remotely access their files from anywhere. If you sign on to such a network that does not require a password, send up a flare to your IT guy. Paul McMillan had reported 30,000 such unsecured VNCs. Last week a concern called VNC Roulette published around 500 screen shots from computers logged on to VNCs that were not secured by passwords. This included bank statements, health records (with patient names, addresses and birthdates) and Facebook pages.

Finally, don’t let this all make you crazy: back up, follow the rules for safe browsing, update, and enjoy your computer and your life.

 

Thousands of users affected. Play the time lapse map below created from data gathered by MalwareTech…
