Hi all,

 

I’m not one to panic.  Overall, I keep a steady head in the face of the onslaught of IT demons out there.

Over the weekend the details of the latest world-wide ransomware attack have come to light.  A lucky workaround was temporarily found to prevent propagation of the malicious application.  The awful thing is – with all the news about that workaround being released – the creator(s) of said ransomware updated the files.  With that workaround no longer effective, *any* computer running Windows XP through Windows 10, and any server from Server 2003 through Server 2016, is vulnerable.  Once infected, the ransomware immediately spreads itself to any computer on your local network (home, work, coffee shop…). I spent time on the weekend patching any back end machines that are accessible to myself on VPN etc. for your organization.

 

(NB: I’m writing this message once for all clients, so some of this email may not be relevant to your configuration.  It is best if you have questions to give me a quick call/email tomorrow to see if I have any quick instructions for you.)

 

The Coles Notes of this hack are as follows:

 

  • The NSA had a bunch of information they kept to themselves about a known Windows flaw in the SMB protocol (file sharing)
  • The NSA had this and many other known vulnerabilities hacked and uploaded online by a team of people dedicated to leaking this type of information to help secure the world’s computers and reveal that the NSA isn’t such a great organization
  • With the public knowledge of this information, the evil of the IT world made worms, ransomware etc. to take advantage of this flaw
  • Microsoft had posted an update to all currently supported operating systems a few weeks ago
  • The ransomware in question (mostly known and referred to as variants of ‘wannacry’) spread like wildfire
  • Someone found a workaround for stopping the spread of the ransomware by registering a specific domain that it looked online to find
  • The ransomware was updated by its creator and released again into the wild to continue infecting the planet’s computers
  • Microsoft released critical patches for all operating systems (even ones that have been dropped from support – XP, Server 2003, Vista…)
  • I’ve placed reference material at the foot of this message.

 

This is where I have some instructions for you Windows users.  You can manually install the update for your operating system via links at the bottom of this message.  It is recommended to immediately update any Windows system you use completely.  Most of you are already familiar with running updates manually.  Many of you get updates pushed out to your computer automatically by servers I have on site.  Even in that situation, you still need to check for updates in case your computer wasn’t online recently, or if it needs to be rebooted manually.  I believe in all the companies that I manage you are running Windows 7 and higher.

 

Windows 7 – Click the Start button.  Go to Control Panel.  Hit Windows Update.  Run all the updates and reboot until you are completely patched and no more updates are available.  In some cases you should click on the blue text that states ‘check for updates online’ just in case you don’t get the latest ones from a server that may be on site at your organization.

 

Windows 10 – Click the Start button.  Click the gear.  Hit the Update and Security button.  Click check for updates and install/reboot until you are completely patched and no more updates are available.

 

Mac Users:

 

While this version of ransomware is specific to Windows flaws, that doesn’t mean there is no need for you to keep your machine patched.  Please take this time to patch your machines as well.  In most cases, you can click the Apple icon -> About This Mac.  In the window that appears a link should exist that says ‘update’, ‘check for software updates’ etc. depending on your OS version.  You should head over to the App Store on your device as well and update all the apps you have installed from there.  Macs get viruses too – just as often as Windows PCs do.  Updates aren’t meant to hinder your computers on purpose or cause you grief.  Most of the time they will improve the experience and stability – and more importantly the security of the platform.

 

The importance of backups:

 

I’ll take this time again to point out the importance of backing up your data.  Ransomware specifically targets the files on your machine and encrypts them to prevent any access to them indefinitely.  If you don’t have a backup your files are gone forever.  The only workaround to most ransomware is to wipe the disk (or destroy it), reinstall your OS and software (update it!), and recover files from backups.

 

Safe browsing and email:

 

I’ve had many security rants before.  Let’s cover in a few short notes the basics to safe browsing online:

 

  • Use a modern browser like Chrome/Firefox
  • Use uBlock Origin or similar adblock extension for your browser
  • Don’t click external links to sites from social media (Twitter, Facebook) – instead SEARCH THE TITLE OR THE CONTENTS OF THE ARTICLE ON GOOGLE AND CLICK THE LINK THERE
  • NEVER open unexpected emails from PayPal, your bank etc. IF you didn’t initiate the process for the email, it’s probably spam.
  • NEVER open attachments to emails unless you have verified the sender is legitimate, AND YOU WERE EXPECTING THE MESSAGE. I wrote a message on this recently, please refer to it for other email recommendations in catching spam.

 

Stay safe out there – and remember the wise words from The Hitchhiker’s Guide to the Galaxy.

 

 

If you want to simply install the critical patch, you can use the below links to save some time.  You will need to know a little bit about your computer to use these links (but don’t worry if you pick the wrong one – it will just tell you that it doesn’t support your platform):

 

Windows XP SP3

http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe

 

 

Windows Vista x86 (32 bit)

http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.0-kb4012598-x86_13e9b3d77ba5599764c296075a796c16a85c745c.msu

 

 

Windows Vista x64 (64 bit)

http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.0-kb4012598-x64_6a186ba2b2b98b2144b50f88baf33a5fa53b5d76.msu

 

 

Windows 7 x64 (64 bit)

http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.1-kb4012212-x64_2decefaa02e2058dcd965702509a992d8c4e92b3.msu

 

 

Windows 7 x86 (32 bit)

http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.1-kb4012212-x86_6bb04d3971bb58ae4bac44219e7169812914df3f.msu

 

 

Windows 8

http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/05/windows8-rt-kb4012598-x64_f05841d2e94197c2dca4457f1b895e8f632b7f8e.msu

 

 

Windows 8.1

http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/02/windows8.1-kb4012213-x64_5b24b9ca5a123a844ed793e0f2be974148520349.msu

 

 

Windows 10

http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/03/windows10.0-kb4012606-x64_e805b81ee08c3bb0a8ab2c5ce6be5b35127f8773.msu

 

 

Windows 2003 x86

http://download.windowsupdate.com/c/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x86-custom-enu_f617caf6e7ee6f43abe4b386cb1d26b3318693cf.exe

 

 

Windows 2003 x64 (64 bit)

http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x64-custom-enu_f24d8723f246145524b9030e4752c96430981211.exe

 

 

Windows 2008

http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.0-kb4012598-x64_6a186ba2b2b98b2144b50f88baf33a5fa53b5d76.msu

 

 

Windows 2008R2

http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.1-kb4012212-x64_2decefaa02e2058dcd965702509a992d8c4e92b3.msu

 

 

Windows 2012

http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/02/windows8-rt-kb4012214-x64_b14951d29cb4fd880948f5204d54721e64c9942b.msu

 

 

Windows 2012R2

http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/02/windows8.1-kb4012213-x64_5b24b9ca5a123a844ed793e0f2be974148520349.msu

 

 

Windows 2016

http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/03/windows10.0-kb4013429-x64_ddc8596f88577ab739cade1d365956a74598e710.msu

 

Alternatively, you can review the different platform versions available from the Microsoft update catalog, in case I made a mistake above:

 

 

Windows 7/2008R2

http://www.catalog.update.microsoft.com/search.aspx?q=4012212

 

 

Windows 2012

http://www.catalog.update.microsoft.com/Search.aspx?q=4012214

 

 

Windows XP/Vista/8/2003/2008

http://www.catalog.update.microsoft.com/Search.aspx?q=4012598

 

 

Windows 10

http://www.catalog.update.microsoft.com/Search.aspx?q=4012606

 

 

Windows 8.1/2012R2

http://www.catalog.update.microsoft.com/Search.aspx?q=4012213

 

 

Windows 2016

http://www.catalog.update.microsoft.com/Search.aspx?q=4013429
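
To confirm that one of the patches listed above actually landed on a machine, the following PowerShell check can be run locally. It is an added example, not part of the original message; the function name Test-ListedPatch is hypothetical, and the KB numbers are the ones in the links above. Later cumulative updates replace these KBs, so a fully updated machine may not list any of them, which is why the script also prints the most recent installed updates and the last boot time.

```powershell
# Added example, not part of the original message.
# KB numbers are the ones that appear in the download/catalog links above.
$ListedKbs = @{
    'KB4012598' = 'Windows XP / Vista / 8 / Server 2003 / Server 2008'
    'KB4012212' = 'Windows 7 / Server 2008 R2'
    'KB4012213' = 'Windows 8.1 / Server 2012 R2'
    'KB4012214' = 'Windows Server 2012'
    'KB4012606' = 'Windows 10'
    'KB4013429' = 'Windows Server 2016'
}

function Test-ListedPatch {   # hypothetical helper name
    # Get-WmiObject and Get-HotFix are both available in PowerShell 2.0,
    # so this also runs on a stock Windows 7 machine.
    $os   = Get-WmiObject -Class Win32_OperatingSystem
    $all  = @(Get-HotFix -ErrorAction SilentlyContinue)
    $hits = @($all | Where-Object { $ListedKbs.ContainsKey($_.HotFixID) })

    Write-Host ("{0} (version {1})" -f $os.Caption, $os.Version)
    # An update that needs a reboot is not active until the machine restarts.
    Write-Host ("Last boot: {0}" -f $os.ConvertToDateTime($os.LastBootUpTime))

    if ($hits.Count -gt 0) {
        foreach ($h in $hits) {
            Write-Host ("FOUND {0} [{1}] installed {2}" -f `
                $h.HotFixID, $ListedKbs[$h.HotFixID], $h.InstalledOn)
        }
        return $true
    }

    # Not found: this is inconclusive, because a newer rollup may have replaced it.
    Write-Host "None of the listed KBs is recorded as installed."
    Write-Host "Most recent updates on this machine:"
    $all | Sort-Object InstalledOn -Descending |
        Select-Object -First 5 HotFixID, Description, InstalledOn |
        Format-Table -AutoSize | Out-String | Write-Host
    return $false
}

if (-not (Test-ListedPatch)) {
    Write-Host "Run Windows Update (or install the matching link above), then reboot and re-check."
}
```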

 

 

Sources:

 

https://news.slashdot.org/story/17/05/13/2253202/wanadecrypt0r-ransomware-earns-just-26000-in-ransom-payments

https://it.slashdot.org/story/17/05/13/1745241/as-world-reacts-to-wanadecrypt0r-microsoft-issues-patch-for-old-windows-systems

https://it.slashdot.org/story/17/05/13/055235/accidental-hero-finds-kill-switch-to-stop-wana-decrypt0r-ransomware

https://thehackernews.com/2017/05/wannacry-ransomware-cyber-attack.html

https://www.welivesecurity.com/2017/02/22/new-crypto-ransomware-hits-macos/

https://it.slashdot.org/story/17/05/12/1755246/wana-decryptor-ransomware-using-nsa-exploit-leaked-by-shadow-brokers-to-spread-ransomware-worldwide

https://tech.slashdot.org/story/17/05/12/1351243/new-ransomware-jaff-spotted-malware-groups-pushing-5m-emails-per-hour-to-circulate-it