Stopping WannaCrypt

Update 6/27/2017

The Petya ransomware virus from today spreads similarly to the WannaCrypt virus from May 2017. So if you properly completed all the Microsoft updates since April, you should be good. Either way, this is a timely reminder to use your Monthly Maintenance Folder and run your RPM. By the way, I last simplified the instructions in May 2017, so feel free to look at the online version of RPM and scroll down to the red heading "Maintenance Folder" for your latest, simpler version of the instructions.

What Happened 5/14/2017

The bad news is that many people are losing all their data (like documents, databases and photos) to a ransomware virus called WannaCrypt. Part of this virus was developed by the NSA but was leaked in February 2017. Realizing that this posed a potential threat, Microsoft issued a patch that can prevent the current version of this virus attack. So both Microsoft and TrustedCTO have each tried to help you prevent this virus from hurting many people. However, let's not assume you are OK until we ask some questions and run your routine updates and backups.

How it Spreads:

The WannaCrypt virus commonly spreads to your network through email attachments with Microsoft documents attached. The virus is actually brought in through a macro in the document. So don't open suspicious documents, even from people you know and communicate with regularly. Once somebody in your network opens the virus, it can spread to other machines and attached backup drives on your network. This is why it is important to perform Windows updates on all Microsoft computers on your network.

Protect yourself with Microsoft Updates and offline copies of your data backups

Back on March 14, 2017, Microsoft published: Microsoft Security Bulletin MS17-010 – Critical Security Update for Microsoft Windows SMB Server (4013389). So if you already have that patch, you are currently much safer. Still, it is time to back up your data and take that latest backup offline.

TrustedCTO has encouraged you to always run your security updates. As a result, any TrustedCTO clients who have thoroughly run their RPM (Routine Preventative Maintenance) procedures in April or May of 2017 have little risk of being infected this week by the WannaCrypt (aka WannaCry) ransomware virus. (That is the name of the virus covered by all major news outlets beginning May 12, 2017.)

If you have not run these procedures, please consult the instructions in your Monthly Maintenance desktop folder and run them today. These same procedures are also available on this website at the link

The most important steps are doing Windows Updates (Section 4 and Section C) and running your data backups, especially making offline copies of your data. Making an offline backup generally means running your data backup to a local USB drive and then unplugging that drive, so that if the virus hits your computer or network it cannot jump to the USB drive and encrypt that backup as well. However, this virus can spread from one computer or drive on your local network to another, or through email. So let's also be extra careful with email attachments over the next few weeks.

Some will want to read this Microsoft TechNet blog post to learn more about the virus.

If you are unsure whether you have the Microsoft security patch, you can read Microsoft Knowledge Base Article 4013389. You can also manually download the patch directly through this TechNet post. There is a chart of different patches for the different MS operating systems. Many of my clients have Microsoft Windows 7 64-bit. Here is how you can know which Microsoft operating system you have.

Hackers did this simply to make lots of money!

Yes, they encrypt your data so that you cannot access the encrypted versions until you buy the encryption key from them for $300 per machine. Think of the money potential of getting $300 from millions of people in a few days.

Further reading:

Old Windows PCs can stop WannaCry ransomware with new Microsoft

Forbes explains NSA vs Microsoft on this virus



