{"id":10904,"date":"2017-05-15T08:32:50","date_gmt":"2017-05-15T12:32:50","guid":{"rendered":"https:\/\/southjerseytechies.net\/blog\/?p=10904"},"modified":"2017-05-23T15:31:01","modified_gmt":"2017-05-23T19:31:01","slug":"wannacry-ransomware","status":"publish","type":"post","link":"https:\/\/southjerseytechies.net\/blog\/wannacry-ransomware\/","title":{"rendered":"What you need to know about the WannaCry Ransomware"},"content":{"rendered":"

What has happened?<\/h2>\n

On May 12, 2017 a new variant of the Ransom.CryptXXX<\/a> ransomware family (detected as Ransom.Wannacry<\/a>) began spreading widely, impacting a large number of organizations, particularly in Europe.<\/p>\n

What is the WannaCry ransomware?<\/h2>\n

WannaCry encrypts data files and asks users to pay a US$300 ransom in bitcoins. The ransom note indicates that the payment amount will be doubled after three days. If payment is not made after seven days, the encrypted files will be deleted.<\/p>\n

\"\"<\/p>\n

Figure 1. Ransom demand screen displayed by the WannaCry Trojan<\/em><\/p>\n

It also drops a file named !Please Read Me!.txt which contains the\u00a0ransom note.<\/p>\n

\"\"<\/a><\/p>\n

Figure 2. Ransom demand note from WannaCry Trojan<\/em><\/p>\n

It propagates to other computers by exploiting a known SMB\u00a0remote code execution\u00a0vulnerability (MS17-010<\/a>) in Microsoft Windows computers.<\/p>\n

Are you\u00a0protected against this threat?<\/h2>\n

South Jersey Techies, LLC recommends and offers Symantec Endpoint Protection to its clients.\u00a0Symantec Endpoint Protection customers are protected against WannaCry using a combination of technologies:\u00a0Antivirus,\u00a0SONAR protection,\u00a0Network-based protection.<\/p>\n

All South Jersey Techies Managed IT Services<\/a>\u00a0client computers have the latest Windows security updates installed, in particular MS17-010, to prevent spreading. If your business \/ organization is not on our Managed IT Services<\/a> plan please\u00a0check or contact us<\/a> to ensure that you have the latest updates installed.<\/p>\n

Who is impacted?<\/h2>\n

A number of organizations globally have been affected, the majority of which are in Europe.<\/p>\n

Is this a targeted attack?<\/h2>\n

No, this is not believed to be a targeted attack at this time. Ransomware campaigns are typically indiscriminate.<\/p>\n

Can I recover the encrypted files?<\/h2>\n

Decryption is not available at this time but companies are investigating. South Jersey Techies, LLC does not recommend paying the ransom. Encrypted files should be restored from back-ups where possible.\u00a0South Jersey Techies offers a number of backup solutions including Carbonite Online Backup<\/a>\u00a0and cloud storage solutions<\/a>. If you are unsure about your computer \/ server backups, please check or contact us<\/a> to discuss the best solution for your business.<\/p>\n

What are best practices for protecting against ransomware?<\/h2>\n