Posts

Am I protected against Wanna Cry / Wanna Decryptor?

There has been a global ransomware attack that has struck over the last few days. It has been in the news a lot over the weekend. The New York Times has a good overview of it available here.

We have had several questions about it and wanted to create an easy place to gather all of the information.

FAQ’s

Here are the major questions we are getting so far from clients and others.:

Q: I am a customer of Strive IT. Am I protected against Wanna Cry / Wanna Decryptor?
A: Yes. If you are on our fully managed support plan, then you are protected on multiple fronts.

Q: What is this new virus I’m hearing about?
A: It is called Wanna Cry, or Wanna Decryptor. It is ransomware, which means if you get infected, the virus encrypts your files and doesn’t give you access to them unless you pay the virus creators.

Q: Is my computer vulnerable?
A: This virus attacks a security vulnerability in the Microsoft Windows operating system.  All versions except are at risk, though there are claims that Windows 10 is safe.  This vulnerability was discovered some months ago and Microsoft released a patch in March to fix it.  If you are running Windows Update regularly, you are probably secure.  All Strive IT customers with full management plans are protected.  If you want to be sure, Microsoft has created a special page dedicated to this particular update.  Those on bill-by-the-hour plans should call us to ensure. Click here to download the update.

Q: I don’t know if all my computers are updated. Does Antivirus help?
A: If you are using Strive IT’s antivirus program, you are protected. We use Kaspersky antivirus, which is known to detect and block the virus. At this point, all the major antivirus companies have released new definition files that should protect against infection. Check with your AV vendor’s website to be sure, and open your AV and run an update to ensure you have the latest protection rules.

More Information
If you want to learn more about how to protect yourself against viruses, check out our two part blog series on this subject: Part 1, Part 2.  Also, Why Do Hackers Write Viruses might be of interest.

Getting help from us

If you are concerned about protection on your network and would like help from us, please call us at 303-963-2301 or email at contact@striveit.com.

Updates

As we learn more about this infection and have new information, it will be posted here.

May 15, 7:58 A.M.
Security researchers have found a hidden “kill switch” to this virus.  This effectively stops the virus from working.  This is great news but–like biological viruses–new strains of this ransomware have evolved without this kill switch.  If you hear about a secret website that stops the virus from working, this is true.  However, don’t trust it because it doesn’t help in all cases anymore.  Please update

Why Do Hackers Write Viruses?

It’s All About the Money

Everyone hates viruses.  They are annoying, slow your computer down, and don’t seem like they’re doing much.  So why do hackers write viruses?  Is it just to be annoying little punks who want to feel powerful?  There is probably some percentage of viruses that get released that way.  But most often, it’s all about money.

First: Steal the Data

The first thing virus writers think about is what data they want to steal.  This can be social security numbers, health records, email credentials, active email addresses to spam (i.e. your address book), or any other type of data.  Sometimes it’s not even data they’re stealing, it’s resources.  They can use your computer’s CPU and internet connection to mine bitcoins, launch attacks on the people they’re really after, send spam, etc.  And it doesn’t matter if you don’t have these things on your computer.  They’re usually not targeting you specifically, they just release the virus on the public hope it lands on valuable computers.

Next: Bundle the Data

If someone steals your credit card, you will cancel it.  One stolen credit card number isn’t worth very much.  But thousands of credit card numbers are worth something, because some fraction of those people won’t know their cards are stolen, and the numbers will still be good.  The same goes for email accounts, health records, spam lists, and most other easily-stolen data.

Last: Sell it to Hackers & Criminals

That’s right: Hackers are stealing your data to sell it back to other hackers.  If someone can buy a thousand social security numbers and health records for $500 per bundle, 10 of those might be good and they can create fake identities, selling them for $1000 apiece.  (I’m making up the numbers, but you get the idea.)

Or: Sell it to Users

In the case of ransomware, they aren’t selling the data to other hackers.  They steal (encrypt) your data and then sell it back to you.  If you are new to ransomware, check out our article on Cryptolocker for a description of how it works.

Recap: Why do Hackers Write Viruses?

Because they can make money.  Good spammers can make six figures per year, but they need lists of real email addresses.  CryptoLocker was thought to have made $30 million, but they need access to computers so they can encrypt users data.  Viruses are how they get this data.

What can you do about it?

  1. Get a good firewall and spam filtering service
  2. Get good antivirus and anti-malware software on your computer and update/scan regularly
  3. Keep your computer and all programs up to date
  4. Back up your data often

If you are worried about your security and how well protected you are against viruses, contact Strive for an evaluation.  We can help keep you safe, secure, and always running smoothly.