On Friday, companies around the world fell victim to malicious “WannaCrypt” software. Also known as “WannaCry”, the ransomware attacks computer users by encrypting important files and requesting ransom for their release.
In a blog post addressing the attacks, Microsoft’s president and chief legal officer Brad Smith pointed out that cybersecurity has become a shared responsibility between tech companies and customers. “This attack is a powerful reminder that information technology basics like keeping computers current and patched are a high responsibility for everyone, and it’s something every top executive should support,” Smith wrote.
While the attack that started on Friday has been halted, it most likely won’t be the last one. With that in mind here’s what every employee should know to help protect their company in the future.
What makes WannaCrypt so dangerous?
Ransomware is nothing new. However, WannaCrypt is the first variant which can spread throughout home or office networks, infecting many more devices. As such, the software only needs to gain access to one staff member’s computer to potentially take out the whole company.
What can employees do to help prevent an attack?
If your IT department has not already contacted all employees about taking steps, approach them for advice first. For those companies without dedicated IT support, the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) has listed a number of measures office network users should take:
- Ensure that there is a firewall or broadband router in place. If you know how, disable SMB service by closing TCP ports 139 and 445.
- Disconnect your computer from the internet and then backup any important files to a USB thumb drive or external hard disk.
- Remove the storage device immediately after the backup is complete.
- Run Windows Update for computers that are part of the office network, and install Microsoft Security Bulletin MS17-010 security patch.
- After updating all desktop computers, remember to apply the same security patch and Windows Update to corporate laptops. If you’re unsure whether a laptop has been affected by the malware, do not allow it to connect to the office network.
- If you have an IT administrator, they should proceed to disable SMBv1 for all computers. If you find yourself without IT support, inhouse or external, you can try doing it yourself by following these steps: https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
Did WannaCrypt affected anyone in Hong Kong?
So far, HKCERT received two incident reports. Both users were connected directly to the internet without using a router or firewall, and they had not installed the latest security update for their operating system.
What if my computer is infected with the ransomware?
If you suspect your computer is infected with the malware, don’t open any files and immediately disconnect your computer from the network, as well as from any external storage, HKCERT advises. Additionally, isolate other computers from the network by switching the network off. Victims are not advised to pay any ransom, as this does not guarantee the recovery of the encrypted files.
Anything else I should know?
As always, do not open links and attachment in any suspicious emails.