A severe ransomware attack known as "wannacry" has affected over 200,000 victims in over 150 countries. Here is what you need to know about wannacry and how to help keep your organization protected:
What Happened: Late last week, cybercriminals launched a massive attack using a security exploit found in Microsoft Windows. While Microsoft had patched the vulnerability weeks ago, many users on old versions of operating systems or those with an inadequate patch management strategy were vulnerable. The vulnerability allowed the cybercriminals to release the malware, which starts encrypting files and demanding a ransom of several hundred dollars in bitcoin for a decryption code the cybercriminals claimed would give control of data back to the user.
In what might be the largest ransomware cyberattack in the world to date, those affected include the likes of FedEx, international telecommunications companies, European natural gas and power companies, universities and countless others not properly patched. The list of victims is expected to grow throughout the week.
What P1 Did for Clients: We have taken the necessary steps to ensure our clients have the latest preventive measures, including security patches released by Microsoft. In addition, we have increased proactive monitoring and scanning for key components of the security threat.
What You Can Do to Help Protect Yourself: During a cyberattack of this nature, taking extra precaution with email is advised. Follow these guidelines to help protect yourself and your entire work environment:
1. Advise staff not to open ANY email coming from external systems such as Gmail, Yahoo!, AOL and Hotmail.
2. Advise staff not to use these same external systems if they have personal accounts.
3. Do NOT open any email from a sender you do not recognize.
4. Even if you recognize the sender, if you were not expecting the email, avoid opening it. Content from any known or unknown sender can be malicious. It is particularly important to:
- NEVER open a ZIP (compressed) file or strange-looking attachments.
- NEVER click a link in an email. Links can say one thing but direct a user to something entirely different.
5. If you MUST open an "expected" email that includes an attachment or link, try to confirm with the sender via phone or other means before opening the attachment or clicking the link.
6. Outside the office, consider a change of password for any webmail account you may use such as Gmail, Yahoo!, AOL and Hotmail. The best passwords are a combination of eight or more characters comprised of random capitalization that do not spell true words or names, numbers and special characters (~!@#$%^&*()_+).
How P1 Can Help You: Our current Security offerings include multiple layers of additional protection that were able to identify and mitigate the risks of the attack. To learn more about these offerings and how to add this additional layer of security, contact us at 201-505-1800 or by clicking here.
You are also invited to join us this Friday, May 19, as PriorityOne Group and Datto host the Third Annual "A Night at the Races." This event provides an educational forum where we will discuss the impact and best practices for disaster planning, recovery and continuity while enjoying an evening of dining, cocktails, horse racing and prizes. To reserve your seat, click here.