Over the weekend, what is now considered the most dangerous ransomware attack to date began spreading around the globe: WannaCry.
Demanding that infected users pay $300 or more in Bitcoin to release their locked files, WannaCry (also known as WannaCrypt or WanaCrypt0r 2.0) does its dirty work by exploiting a Windows vulnerability called “EternalBlue,” for which Microsoft released a security patch in March. However, systems that have not yet applied the updates, or that have reached End of Life (EOL), such as Windows XP, Windows 8 and Windows Server 2003, are the ransomware’s prime targets.
Whenever it loads itself onto a new machine, WannaCry automatically scans for computers it can infect on the same network. For example, if your machine is infected and you go to a public place and connect to its shared Wi-Fi network, it would spread to PCs throughout that entire network in the blink of an eye. You don’t even have to click on a phishing email or malicious link to get infected; you just have to be on the same network as a machine that already is.
According to Avast, the majority of WannaCry’s havoc has been concentrated in Ukraine, Taiwan and Russia, but other major victims have been reported, such as various Chinese universities and FedEx. In fact, a major U.K. hospital had to cancel all of its outpatient appointments until the problem was resolved. It has also been reported that WannaCry has sunk its teeth into 250,000 victims in over 150 countries in just a few days. It’s that vicious.
As of this posting, none of our clients have yet been infected by the WannaCry ransomware as we are actively monitoring and proactively protecting our clients with the best technology available. We manage patches to limit the interruptions to the flow of your business. To do this, we do not enable daytime patching and schedule patches for after hours.
We also do not automatically approve all Microsoft patches, as several times in the past Microsoft has released patches that caused network-wide outages. We maintain a test environment to deploy patches to prevent our clients from experiencing outages. If you were to get infected, we would be able to recover all data and get you back up with minimal downtime.
Give us a call at (877) 85-RHINO. Our number one priority is to ensure your network is as stable and reliable as possible. We take our responsibilities seriously, and do everything to protect your assets.