The WannaCry ransomware/malware that’s making its way around the Internet has infected countless organizations and government institutions in over 150 countries, including China, Russia, the U.S. and most of Europe.
As you may know, ransomware is a type of malicious software that restricts access to your computer or network and threatens to delete your data within an allotted time unless you pay a ransom.
Microsoft issued a patch for the malware last March, but the problem resides from older versions of Windows or those computers and networks without Windows Updates. These computers did not receive the patch by Microsoft and were left open to attacks. If you run an older version of Windows that is no longer supported by Microsoft, you will be vulnerable to WannaCry, according to Microsoft’s blog. This includes Windows 8 and Windows XP.
Like most malicious campaigns, this type of ransomware could arrive as an email attachment or as a download on your computer. For your system to become infected, you’ll have to click on or download the attachment or file, which causes the program to run and infect your computer with ransomware.
This is a good opportunity for you to review your security and strategy plans in the event of such attacks.
- Back-up your files;
- Invest in decrypters;
- Install the latest security software;
- Create a best practice guide for such attacks (including an internal and external communications plan for your staff, clients, customers);
- Review DMA Guidelines on Data Security; and
- Run security and software updates.
Here are some steps for you to take to force your computer to run Windows 7 updates.
If you do find yourself a victim of a malicious ransomware attack, you can file a complaint with the FBI or Internet Crime Complaint Center at https://www.IC3.gov or contact the eec, and we’ll reach out to the FBI on your behalf. Please be sure to include the following information when filing your complaint:
- Date of Infection
- Ransomware Variant (identified on the ransom page or by the encrypted file extension)
- Victim Company Information (industry type, business size, etc.)
- How the Infection Occurred (link in email, browsing the Internet, etc.)
- Requested Ransom Amount
- Actor’s Bitcoin Wallet Address (may be listed on the ransom page)
- Ransom Amount Paid (if any)
- Overall Losses Associated with a Ransomware Infection (including the ransom amount)
- Victim Impact Statement
Protect yourself, your computers and your networks.
Chair of eec Member Advisory Committee (MAC)
Chief Privacy & Security Officer, Return Path